"Please select what kind of key you want"
Robert J. Hansen
rjh at sixdemonbag.org
Mon Feb 23 01:07:03 CET 2009
> Michael W. Lucas on page 73 in Chapter 4 of "PGP & GPG: Email for
> the Practical Paranoid",
> No Starch Press, (c) 2006, shows the following choices for
> "Please select what kind of key you want":
> (1) DSA and Elgamal (default)
> (2) DSA (sign only)
> (5) RSA (sign only)
> Michael recommends choosing "5" which turns out to be a disadvantage
> that one might not discover until the first time that she/he
> attempts to
> encrypt something.
In 2006, Lucas's advice was pretty solid. In 2009, not so much. The
introduction of DSA2 has resolved most -- if not all -- of the reasons
that motivated him and others to suggest RSA.
> AFAIK, other people can still encrypt for the user who has selected
> above. And the user can decrypt whatever she/he receives.
Not with a sign-only key. A sign-only key is only usable for signing;
other people cannot encrypt to a sign-only key.
> Why is there no "(3)" in the above two lists [gen-key list, addkey
Elgamal signing keys were #3, IIRC. They were removed years ago due to
some catastrophic bugs and the community's near-total abjuration of
Elgamal signing keys. (IIRC, the total number of Elgamal signing keys
on the keyserver network was in the neighborhood of 10.)
> Why are choices "(4) Elgamal (encrypt only)" and "(6) RSA (encrypt
> not present in the "gen-key" list?
Because when you generate a new key you /must/ generate a signing
key. #s 4 and 6 are encryption-only keys, which means they can only
be added to an already-existing signing key.
> Why is choices "(1) DSA and Elgamal (default)" not present in the
> "addkey" list?
Why should they be?
If you want to add a new DSA signing key, you can do that. If you
want to add a new Elgamal encryption key, you can do that. Where's
> Also, I'm guessing that although a developer might opt out of
> creating a key of type X,
> regardless, the developer must presumably support a complete set of
> choices for the purpose of processing public and private keys
> properly. Is this the case?
Nope. An OpenPGP implementation is not required to support most of
those algorithms. You can have a perfectly well conforming OpenPGP
implementation which only supports SHA-1, DSA, Elgamal and 3DES.
More information about the Gnupg-users