Changing signature algorithms

MindFuq mindfuq@comcast.net
Thu Oct 17 06:06:02 2002


* David Picón Álvarez <eleuteri@myrealbox.com> [2002-10-16 20:14]:

> > Another problem is that with the --cipher-algo switch, I cannot change
> > the algorithm used to encrypt the hash on my signature.  In fact, this
> > switch won't even let me select the default DSA algorithm.
> 
> I don't understand what you mean by that. Sorry.

Tell me if I'm wrong: when I sign a message, the first thing that
happens is a hash is created (usually SHA1).  Then that SHA1 hash is
encrypted with my private asymmetric key.  So not only do I have a
choice of hashes (SHA1, MD5, RipeMD5), but I also have a choice of
asymmetric cryptosystems (RSA, DSA, ..).

Using defaults and a default generated key, my signatures are composed
of an SHA1 hash which is encrypted with my private key using the DSA
algorithm.  Suppose instead I want my signature to be created by
hashing with SHA1 and encrypting with RSA.

I should be able to do that using this command:

  gpg --clearsign --cipher-algo RSA text_msg

but I get an error:

  gpg: selected cipher algorithm is invalid 

> The --cypher-algo is used to choose the asymmetric algorithm you use when
> you encrypt something to other people.

Or if I'm encrypting to myself.  I just tried to encrypt a message to
myself, using my public key; and when I use the --cipher-algo switch
as follows:

  gpg -ea --cipher-algo RSA text_msg

I get:

  gpg: selected cipher algorithm is invalid 

It doesn't matter what public algorithm I specify.  Then for kicks I
specified a symmetric algorithm, and it worked!  So it seems
--cipher-algo is used to select which *symmetric* algorithm to use.
If that's true, then what does the --s2k-cipher-algo switch do
differently?

> The symmetric cyphers are not listed because they're obvious. If your key is
> RSA it's going to use RSA. There's nothing to do about that. The preferred
> cyphers on a sign-only key don't mean much. However, you can add a RSA
> encryption subkey to your RSA sign-only key and thus use RSA for everything
> with no problem whatsoever.

I will try adding the subkey next.  However, it doesn't seem right to
have to do this, because when I do a pgpdump on an RSA sign-only key,
one of the lines reads:

  Pub alg - RSA Encrypt or Sign(pub 1)

This indicates to me that this sign-only key can be used to encrypt as
well; so I'm not sure what's causing the limitation.  Also, the
following lines are also listed in the pgpdump of the sign-only key:

  Sym alg - AES with 128-bit key(sym 7)
  Sym alg - CAST5(sym 3)
  Sym alg - Triple-DES(sym 2)

This is another indicator that this 'sign-only' key can be used for
encrypting, because symmetric algorithms aren't used to sign.

What am I missing?
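
Added example, not part of the original message: in the OpenPGP packet format the public-key algorithm ID, the key-flags subpacket (type 27) and the preferred-symmetric-algorithms subpacket (type 11) are separate fields of a key and its self-signature. The sketch below decodes a constructed hashed-subpacket area whose algorithm values mirror the pgpdump lines quoted above; the key-flags value 0x03 and the function names are assumptions made for illustration.

```python
# Added illustration: decode OpenPGP signature subpackets (RFC 4880 layout).
PUB_ALGS = {1: "RSA (Encrypt or Sign)", 2: "RSA Encrypt-Only",
            3: "RSA Sign-Only", 16: "Elgamal (Encrypt-Only)", 17: "DSA"}
SYM_ALGS = {2: "TripleDES", 3: "CAST5", 7: "AES128"}
KEY_FLAGS = {0x01: "certify", 0x02: "sign",
             0x04: "encrypt-communications", 0x08: "encrypt-storage"}

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a hashed/unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5  # length-of-length
        if i + hdr >= len(area):
            raise ValueError("truncated subpacket header")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = int.from_bytes(area[i + 1:i + 5], "big")
        start = i + hdr
        if length < 1 or start + length > len(area):
            raise ValueError("truncated subpacket body")
        # The length counts the type octet; the top bit of the type is "critical".
        yield area[start] & 0x7F, area[start + 1:start + length]
        i = start + length

def describe_key(pub_alg: int, hashed_area: bytes) -> dict:
    """Report algorithm ID, key-flag usage and symmetric preferences separately."""
    info = {"algorithm": PUB_ALGS.get(pub_alg, f"unknown({pub_alg})"),
            "usage": None, "preferred_symmetric": []}
    for sp_type, body in iter_subpackets(hashed_area):
        if sp_type == 27 and body:        # key flags
            info["usage"] = [n for bit, n in KEY_FLAGS.items() if body[0] & bit]
        elif sp_type == 11:               # preferred symmetric algorithms
            info["preferred_symmetric"] = [SYM_ALGS.get(b, f"unknown({b})")
                                           for b in body]
    return info

# Constructed sample (not taken from a real key): key flags 0x03, then
# preferences 7, 3, 2 as in the pgpdump lines in the message above.
SAMPLE_AREA = bytes([2, 27, 0x03, 4, 11, 7, 3, 2])

if __name__ == "__main__":
    print(describe_key(1, SAMPLE_AREA))
```
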