Encryption keys in the OpenPGP spec
David Shaw
dshaw at jabberwocky.com
Mon Jul 27 05:09:18 CEST 2009
On Jul 26, 2009, at 9:40 PM, James P. Howard, II wrote:
> I am trying to understand the differences in key types and looking at
> encryption keys in particular. RFC 4880 has this to say on the matter
> of key flags:
>
> 0x04 - This key may be used to encrypt communications.
>
> 0x08 - This key may be used to encrypt storage.
>
> So, my first question is why is there a distinction between the two
> types of encryption?
>
> Also, looking in GnuPG 1.4.9, I see this in g10/keygen.c:
>
> if (use & PUBKEY_USAGE_ENC)
>     buf[0] |= 0x04 | 0x08;
>
> Which suggests, quite strongly, that the distinction is irrelevant.
> Why does GnuPG ignore the different encryption key types?
Because it is difficult (or nearly impossible) to determine the
difference from the perspective of GnuPG. That is, I as a person know
what I'm encrypting and what I plan on doing with it, but GnuPG just
sees bits. As a general-purpose OpenPGP tool, GnuPG pretty much needs
to treat both communications and storage as the same thing. Other
tools for more specific environments may "know" what their usage is
and can treat this differently.
This is expected behavior - the OpenPGP standard even mentions it:
    Note however, that it is a thorny issue to determine what is
    "communications" and what is "storage". This decision is left
    wholly up to the implementation; the authors of this document do
    not claim any special wisdom on the issue and realize that
    accepted opinion may change.
David
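An added example, not code from this thread or from GnuPG, that works the key-flags octet through in Python: it mirrors the quoted keygen.c behaviour (a single "encrypt" usage sets both 0x04 and 0x08) and contrasts the general-purpose check a tool like GnuPG must make (either encryption bit is acceptable) with the stricter check a context-aware tool could make. The USAGE_* constants and the function names are assumptions for the illustration.

```python
# Added example: encode and decode the RFC 4880 key-flags octet, and show the
# two policies a tool can apply to the two encryption bits.

# Bit values of the first key-flags octet, RFC 4880 section 5.2.3.21.
KEY_FLAGS = {
    0x01: "certify",
    0x02: "sign",
    0x04: "encrypt-communications",
    0x08: "encrypt-storage",
    0x10: "split-key",
    0x20: "authenticate",
    0x80: "group-key",
}

# Hypothetical usage bits a key generator accepts as input (GnuPG's own
# constants are the PUBKEY_USAGE_* values in g10/keygen.c; these are stand-ins).
USAGE_SIG, USAGE_ENC, USAGE_CERT, USAGE_AUTH = 1, 2, 4, 8


def key_flags_octet(use: int) -> int:
    """Build the key-flags octet the way the quoted keygen.c logic does:
    one 'encrypt' usage sets BOTH 0x04 and 0x08, because the generator
    cannot know whether the key will protect communications or storage."""
    buf = 0
    if use & USAGE_SIG:
        buf |= 0x02
    if use & USAGE_ENC:
        buf |= 0x04 | 0x08
    if use & USAGE_CERT:
        buf |= 0x01
    if use & USAGE_AUTH:
        buf |= 0x20
    return buf


def decode_key_flags(octet: int) -> list:
    """Return the names of the flags set in a key-flags octet, low bit first."""
    return [name for bit, name in sorted(KEY_FLAGS.items()) if octet & bit]


def usable_for_encryption(octet: int, purpose: str, strict: bool = False) -> bool:
    """purpose is 'communications' or 'storage'.
    strict=False is the general-purpose policy: either encryption bit will do.
    strict=True is the policy of a tool that knows its context and requires
    the exact bit for that purpose."""
    needed = 0x04 if purpose == "communications" else 0x08
    if strict:
        return bool(octet & needed)
    return bool(octet & (0x04 | 0x08))
```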