Seperate RSA subkeys for decryption and signing or one for both?

Hubert Kario hka at
Tue Dec 4 13:19:11 CET 2012

On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
> Hello,
> are there arguments for preferring either
> a) having one RSA subkey for decryption only and one for signing only
> or
> b) having only one RSA subkey for both decryption and signing?
> Do any problems arise with the smartcard if the same key shall do different
> tasks?

Keys can become "used up" so it entirely depends on how often you use it.

What I mean by that, is that any signing operation leaks some information 
about the key used for signing (generally far less than few tens of a bit).
If you have signed tens of thousands of documents with it, an attacker can 
recover substantial portion of the key and speed up the key recovery.

Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24

More information about the Gnupg-users mailing list