Why do we use a different key to sign than to encrypt

David Tomaschik david at systemoverlord.com
Tue Mar 1 15:47:06 CET 2011

On Tue, Mar 1, 2011 at 9:34 AM,  <Lists.gnupg at mephisto.fastmail.net> wrote:
> On Tue, Mar 01, 2011 at 01:13:16PM +0000 Also sprach Guy Halford-Thompson:
>> Not GPG specific, but I was wondering if someone could point me in the
>> direction of some resources that explain why we use different keys to
>> sign and encrypt (for cases where the same key _could_ do both e.g.
>> RSA).
> This may not be the whole story, but I did manage to find this:
> http://www.di-mgt.com.au/rsa_alg.html#weaknesses

The weaknesses documented there do not seem to apply to OpenPGP (and
hence GnuPG).  One, messages are not actually encrypted with RSA; a
symmetric algorithm is used to encrypt messages and the key to that
encryption is encrypted with RSA.  I believe that GnuPG uses a larger
encryption exponent, reducing the threat posed by the Chinese
Remainder Theorem.  The threat of the "same key" on that page only
applies where the RSA encryption was done to the plain text directly.
Likewise, OpenPGP signing is done on a hash of the plain text.
(Again, not on the plain text directly.)


David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
david at systemoverlord.com

More information about the Gnupg-users mailing list