Encryption keys in the OpenPGP spec

David Shaw dshaw at jabberwocky.com
Mon Jul 27 05:09:18 CEST 2009

On Jul 26, 2009, at 9:40 PM, James P. Howard, II wrote:

> I am trying to understand the differences in key types and looking at
> encryption keys in particular.  RFC 4880 has this to say on the matter
> of key flags:
>       0x04 - This key may be used to encrypt communications.
>       0x08 - This key may be used to encrypt storage.
> So, my first question is why is there a distinction between the two
> types of encryption?
> Also, looking in GnuPG 1.4.9, I see this in g10/keygen.c:
>    if (use & PUBKEY_USAGE_ENC)
>        buf[0] |= 0x04 | 0x08;
> Which suggests, quite strongly, that the distinction is irrelevant.   
> Why
> GnuPG ignore the different encryption key types?

Because it is difficult (or nearly impossible) to determine the  
difference from the perspective of GnuPG.  That is, I as a person know  
what I'm encrypting and what I plan on doing with it, but GnuPG just  
sees bits.  As a general-purpose OpenPGP tool, GnuPG pretty much needs  
to treat both communications and storage as the same thing.  Other  
tools for more specific environments may "know" what their usage is  
and can treat this differently.

This is expected behavior - the OpenPGP standard even mentions it:

    Note however, that it is a thorny issue to
    determine what is "communications" and what is "storage".  This
    decision is left wholly up to the implementation; the authors of  
    document do not claim any special wisdom on the issue and realize
    that accepted opinion may change.


More information about the Gnupg-users mailing list