Seperate RSA subkeys for decryption and signing or one for both?
nicholas.cole at gmail.com
Tue Dec 4 17:07:26 CET 2012
On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario <hka at qbs.com.pl> wrote:
> On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> are there arguments for preferring either
>> a) having one RSA subkey for decryption only and one for signing only
>> b) having only one RSA subkey for both decryption and signing?
>> Do any problems arise with the smartcard if the same key shall do different
> Keys can become "used up" so it entirely depends on how often you use it.
> What I mean by that, is that any signing operation leaks some information
> about the key used for signing (generally far less than few tens of a bit).
> If you have signed tens of thousands of documents with it, an attacker can
> recover substantial portion of the key and speed up the key recovery.
Do you have a reference for this? I thought the major reason to use
separate signing/encryption keys was that if a user could be persuaded
to sign a chosen encrypted text with the same key, the decryption key
would be revealed.
I've never read before that a key could be "used up" in this way.
More information about the Gnupg-users