one ecc key-pair for both encryption and signature?

Robert J. Hansen rjh at
Fri Jan 7 15:26:50 CET 2022

> I know that "ed25519" and "cv25519" are different algorithms,
> but from my limited understanding the same key-pair should be
> usable for both encrypting and signing in theory?

Ed25519 is (effectively) a Schnorr signature done over an Edwards curve. 
  Schnorr signatures have really no capability of being used for 
encryption, unless you want to do it just a few bytes at a time.

Schnorr signatures were also used as the basis for DSA during the 
cryptowars of the 1990s.  The US government was very worried that any 
federal crypto standard not be able to be used for encryption 
(seriously): they wanted to give American citizens and businesses a 
strong signature algorithm, but not give us a strong encryption 
algorithm.  Hence, Schnorr was adapted into becoming the Digital 
Signature Algorithm...

More information about the Gnupg-users mailing list