one ecc key-pair for both encryption and signature?

Bernhard Reiter bernhard at
Fri Jan 7 17:55:50 CET 2022

Am Freitag 07 Januar 2022 15:21:45 schrieb Andrew Gallagher via Gnupg-users:
> On 07/01/2022 14:06, Bernhard Reiter wrote:
> > With 2.2.33 is is not possible to create a single ecc key-pair
> > that can do "sign" and "encrypt".
> it is best practice to keep the encryption-capable subkey distinct.

Is this the only reason?
Then RSA should be limited in the same way.
(Because there it is possible, so I guess that there is another reason.)

Am Freitag 07 Januar 2022 15:26:50 schrieb Robert J. Hansen via Gnupg-users:
> Ed25519 is (effectively) a Schnorr signature done over an Edwards curve.
>   Schnorr signatures have really no capability of being used for
> encryption, unless you want to do it just a few bytes at a time.

| Curve25519 is an elliptic curve [..] designed for use with the elliptic 
| curve Diffie–Hellman (ECDH) key agreement scheme 
-> encrypt

| The curve is birationally equivalent to a twisted Edwards curve
| used in the Ed25519 signature scheme. 

There is anequivalence given (two functions) in the Ed25519 wikipedia page,
but I don't know if this allows the same curve used in both algorithms.

--   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-users mailing list