Seperate RSA subkeys for decryption and signing or one for both?

Hauke Laging mailinglisten at
Tue Dec 4 14:14:34 CET 2012

Am Di 04.12.2012, 13:19:11 schrieb Hubert Kario:

> Keys can become "used up" so it entirely depends on how often you use it.
> What I mean by that, is that any signing operation leaks some information
> about the key used for signing (generally far less than few tens of a bit).
> If you have signed tens of thousands of documents with it, an attacker can
> recover substantial portion of the key and speed up the key recovery.

I remembered having read something like that. But does this refer to signing 
only? Are decryption keys not affected by that? The advantage of separate 
subkeys would be then that the non-used up key could keep active longer. That 
may be an argument against signing emails by default ;-)  or at least for 
longer signature keys.

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121204/80ef3dbc/attachment.pgp>

More information about the Gnupg-users mailing list