RSA only enable to sign

Robert J. Hansen rjh at sixdemonbag.org
Tue Sep 8 08:50:39 CEST 2009


Iván Cervantes wrote:
> Changing my question a little, why do I have only three options in my gpg
> installation?

A GnuPG "key" isn't just one piece of data.  It's a whole lot of pieces
of data.

All GnuPG keys -- what we should really call "certificates" -- have a
signing key.  That's the most basic, fundamental thing in the
certificate.  If you want to be able to encrypt, you have to add an
encryption subkey.

Up until GnuPG 1.4.10, GnuPG would create a DSA signing key and an
ElGamal encryption key for you as one single operation.  You executed
"--gen-key", and GnuPG created the signing key, added the encryption
subkey, and you were done.

RSA was considered to be for advanced users.  Advanced users were
believed to be capable of generating their signing key, and then adding
their own encryption key later.
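
Added example (not part of the original message): the certificate structure described above, read from `gpg --with-colons --list-keys` style output to find certificates that have no usable encryption key. The listing and key IDs in `SAMPLE` are constructed, and the helper names are hypothetical.

```python
# Field positions follow GnuPG's colon listing format (doc/DETAILS):
# 1 = record type, 2 = validity, 3 = bits, 4 = algorithm, 5 = key ID,
# 12 = capabilities (lowercase letters describe this key itself).
ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}  # OpenPGP algorithm IDs
UNUSABLE = {"i", "d", "r", "e"}  # invalid, disabled, revoked, expired

# Constructed sample: one sign-only RSA certificate and one DSA
# certificate with an ElGamal encryption subkey.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1252392639:::u:::scSC:
uid:u::::1252392639::0000::Sign Only <signonly@example.invalid>:
pub:u:1024:17:BBBBBBBBBBBBBBBB:1252392639:::u:::scESC:
uid:u::::1252392639::0000::Sign And Encrypt <both@example.invalid>:
sub:u:2048:16:CCCCCCCCCCCCCCCC:1252392639::::::e:
"""

def parse_certificates(listing):
    """Group each primary key (pub) with the subkeys (sub) that follow it."""
    certs = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # uid, fpr and other records carry no key capabilities
        key = {
            "keyid": f[4],
            "algo": ALGOS.get(f[3], f[3]),
            "bits": int(f[2]) if f[2].isdigit() else 0,
            "caps": {c for c in f[11] if c.islower()},
            "usable": f[1] not in UNUSABLE,
        }
        if f[0] == "pub":
            certs.append({"primary": key, "subkeys": []})
        elif certs:
            certs[-1]["subkeys"].append(key)
    return certs

def can_encrypt(cert):
    """True if any usable key in the certificate has the 'e' capability."""
    keys = [cert["primary"]] + cert["subkeys"]
    return any(k["usable"] and "e" in k["caps"] for k in keys)

def sign_only(listing):
    """Key IDs of certificates that still need an encryption subkey."""
    return [c["primary"]["keyid"]
            for c in parse_certificates(listing) if not can_encrypt(c)]

if __name__ == "__main__":
    print(sign_only(SAMPLE))
```

A revoked or expired encryption subkey is not counted, so a certificate whose only encryption subkey has lapsed is reported alongside the sign-only ones.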



