Gpg: To ElGamal or not to ElGamal
Problem
This 2003 newsgroup message advises "not to use `ElGamal sign+encrypt keys (type 20)'", especially not for signing.
But the very first option (1) after a gpg2 --gen-key shows me "ElGamal"?
    $ gpg2 --gen-key
    gpg (GnuPG) 2.0.4; Copyright (C) 2007 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    Please select what kind of key you want:
       (1) DSA and Elgamal (default)
       (2) DSA (sign only)
       (5) RSA (sign only)
    Your selection?
Is ElGamal safe to use?
Environment
- gpg-1.4.6
- gpg2-2.0.4
- Ubuntu-7.10
Solution
Yes, ElGamal is safe – don't worry. Nowadays the generated key is of type `ElGamal encrypt-only (type 16)' – recognizable by the lowercase letter `g' after the key size in the key listing. That key type is not affected.
    $ gpg2 -k
    pub 1024D/49DF54A7 2008-03-27
    uid Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
    sub 2048g/27B3EAB1 2008-03-27
Offending `ElGamal sign+encrypt keys (type 20)' are indicated by the capital letter `G', e.g.:
    pub 2048G/xxxxxxxx 2001-xx-xx Mallory <mallory at example.net>
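The `g'/`G' distinction above can be checked across a whole keyring instead of by eye. The script below is an added example, not part of the original page: it classifies keys from the machine-readable `--with-colons` listing (algorithm ID 16 or 20 in field 4) and from the legacy listing format quoted here. The function names are hypothetical, and the colon-format sample with its 16-digit key IDs is constructed.

```shell
#!/bin/sh
# Added example: flag legacy ElGamal sign+encrypt keys (type 20, letter "G").

# Machine-readable listing (gpg --with-colons --list-keys):
# field 1 = record type, field 4 = public-key algorithm ID, field 5 = key ID.
check_colons() {
    awk -F: '
        $1 ~ /^(pub|sub|sec|ssb)$/ {
            if ($4 == 20)      print $5, "type20 AFFECTED"
            else if ($4 == 16) print $5, "type16 ok"
            else               print $5, "not-elgamal"
        }'
}

# Human-readable listing as shown on this page ("sub 2048g/27B3EAB1"):
# the letter after the key size is "g" for type 16 and "G" for type 20.
check_legacy() {
    awk '
        $1 ~ /^(pub|sub|sec|ssb)$/ && match($2, /^[0-9]+[A-Za-z]\//) {
            letter = substr($2, RLENGTH - 1, 1)
            keyid  = substr($2, RLENGTH + 1)
            if (letter == "G")      print keyid, "type20 AFFECTED"
            else if (letter == "g") print keyid, "type16 ok"
            else                    print keyid, "not-elgamal"
        }'
}

# Constructed colon-format sample; the 16-digit key IDs are placeholders.
sample_colons() {
    cat <<'EOF'
pub:u:1024:17:1111111111111111:1206576000:::u:::scESC:
uid:u::::1206576000::::Alice Example <alice@example.org>:
sub:u:2048:16:2222222222222222:1206576000::::::e:
pub:-:2048:20:3333333333333333:978307200::::::escaESCA:
EOF
}

# Legacy-format sample: the listing lines quoted on this page.
sample_legacy() {
    cat <<'EOF'
pub 1024D/49DF54A7 2008-03-27
uid Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
sub 2048g/27B3EAB1 2008-03-27
pub 2048G/xxxxxxxx 2001-xx-xx Mallory <mallory at example.net>
EOF
}

sample_colons | check_colons
sample_legacy | check_legacy
```

On a real keyring, pipe `gpg --with-colons --list-keys` into `check_colons`; any line ending in `AFFECTED` is a type 20 key.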
See also
- ElGamal signature scheme - Wikipedia
  - See paragraph Security. While improving encryption efficiency by lowering k, gpg-1.0.2 compromised signing.
Journal
20080327
Although the Gnu manual still shows an example using gpg-0.9.4 which allows you to generate an `ElGamal sign+encrypt key (type 20)' [1], I'm unable to do so nowadays in either gpg-1.4.6 or gpg-2.0.4:
    alice% gpg --gen-key
    gpg (GnuPG) 0.9.4; Copyright (C) 1999 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) ElGamal (sign and encrypt)
    Your selection?
I'm not able to add an ElGamal signing subkey:
    $ gpg2 --edit-key 49DF54A7
    ...
    Command> addkey
    Key is protected.
    You need a passphrase to unlock the secret key for
    user: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
    1024-bit DSA key, ID 49DF54A7, created 2008-03-27
    Please select what kind of key you want:
       (2) DSA (sign only)
       (4) Elgamal (encrypt only)
       (5) RSA (sign only)
       (6) RSA (encrypt only)
When selecting the ElGamal subkey explicitly for signing, Gpg uses the DSA subkey – not the primary key.
From this page it appears you have to append an exclamation mark `!' to really, really specify the subkey. From info gpg:
When using `gpg' an exclamation mark (!) may be appended to force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use.
    $ gpg2 -k
    pub 1024D/49DF54A7 2008-03-27
    uid Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>
    sub 2048g/27B3EAB1 2008-03-27
    sub 1024D/2B43F139 2008-03-27
    $ gpg2 -asu 27B3EAB1!
    gpg: skipped "27B3EAB1!": unusable secret key
    gpg: signing failed: unusable secret key