"Please select what kind of key you want"

gerry_lowry (alliston ontario canada) gerry.lowry at abilitybusinesscomputerservices.com
Mon Feb 23 00:54:08 CET 2009

Michael W. Lucas on page 73 in Chapter 4 of "PGP & GPG:  Email for the Practical Paranoid",
No Starch Press, (c) 2006, shows the following choices for
 "Please select what kind of key you want":
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)

Michael recommends choosing "5" which turns out to be a disadvantage
that one might not discover until the first time that she/he attempts to
encrypt something.

AFAIK, other people can still encrypt for the user who has selected "5"
above.  And the user can decrypt whatever she/he receives.

I do not recall Michael discussing the solution to the problems
caused by selecting just "(5) RSA (sign only)", although, since his
book is written for a beginner audience, I do think he should
have addressed this problem.  Nevertheless, I found his book
still quite helpful.

Especially because of my experience mentioned above, I tend to pay attention
to the text that follows  "Please select what kind of key you want".

The Windows' version that I used matches Michael's text:
          >gpg --gen-key
           gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.

           Please select what kind of key you want:
              (1) DSA and Elgamal (default)
              (2) DSA (sign only)
              (5) RSA (sign only)

>From "gpg  --edit-key    ID    addkey",  I also get
              (2) DSA (sign only)
              (4) Elgamal (encrypt only)
              (5) RSA (sign only)
              (6) RSA (encrypt only)
     ----------------------------------  where's (3)
              (3) ??????????????

Why is there no "(3)" in the above two lists [gen-key list, addkey list]?

Why are choices "(4) Elgamal (encrypt only)" and "(6) RSA (encrypt only)"
 not present in the "gen-key" list?

Why is choices "(1) DSA and Elgamal (default)" not present in the "addkey" list?

============  http://www.netbsd.org/developers/pgp.html  ==============
shows different choices for "gpg --gen-key":
   (1) DSA and ElGamal (default)
   (2) DSA (sign only)
   (4) ElGamal (sign and encrypt)
   (5) RSA (sign only)

Exploring further "Please select what kind of key you want" via Google,
I get the impression that there's potentially a standard that might read something like:
     position (1) should always be __________;
     position (2) should always be __________;
     position (3) should always be __________; et cetera
and for any position, you can offer nothing, sign only, encrypt only, or sign and encrypt together.

Is that the case with regards to developer guidelines?

Also, I'm guessing that although a developer might opt out of creating a key of type X,
regardless, the developer must presumably support a complete set of encryption/decryption
choices for the purpose of processing public and private keys properly.  Is this the case?

Thank you.

Gerry (Lowry)

More information about the Gnupg-users mailing list