DH Key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 23 21:47:23 CEST 2011


On 06/23/2011 11:11 AM, Lane Brooks wrote:
> I need to generate a 2048-bit PGP version 6.5.3 or later and of the type
> DH/DSS public key. I have read in the FAQ how to edit the key to be
> compatible with PGP, but I cannot find how to generate a DH type key.
> The gnupg on Fedora 15 has the following options when I run gpg2 --gen-key:
> 
> 
> Please select what kind of key you want:
>    (1) RSA and RSA (default)
>    (2) DSA and Elgamal
>    (3) DSA (sign only)
>    (4) RSA (sign only)
> Your selection?
> 
> I compiled the latest 2.0 version myself and it has the same options. I
> was hoping the configure output would tell me I was missing a DH crypt
> library, but it didn't. How do I compile DH support into gpg? I cannot
> find anything on google.

I think you're getting confused by the (admittedly confusing) terminology.

DH is Diffie-Hellman, which is a form of anonymous session-key exchange.
It is not a public key crypto algorithm, though it can be used in
conjunction with public key crypto.

DSS is the Digital Signature Standard, which is also known as DSA (the
Digital Signature Algorithm).

So I think you want either 2 or 3 in the menu above.

If you choose 3, you will only have a signing-capable key.  That should
be fine, if the only requirements you have are that you need a
DSS-capable key; DSS is for signatures, not encryption.

However, if you want people to be able to encrypt information to you,
you'll need to add an encryption-capable key.  The reasonable choices
for that today are either Elgamal (very similar to DSS, but for
encryption) or RSA.

Once your primary key is generated, you can add an encryption-capable
subkey with:

 gpg --edit-key $KEYID addkey

(replace $KEYID with the id of your new key, of course).

Hope this helps,

	--dkg
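
Added example (not part of the original message or of GnuPG's own documentation): menu choice 2 above, "DSA and Elgamal", done unattended, followed by a check of the resulting algorithms in gpg's colon listing. It assumes GnuPG 2.1 or later on the PATH (for `%no-protection`); the name and e-mail address are constructed placeholders, and the key is created without a passphrase in a scratch keyring purely for inspection.

```shell
#!/bin/sh
# Added example: batch-generate a DSA (sign) primary key with an Elgamal
# (encrypt) subkey, then confirm the algorithms from gpg's colon listing.
# Assumptions: GnuPG 2.1+ on PATH; name/e-mail are constructed placeholders.

# Write the unattended key-generation parameters to stdout.
keygen_params() {
    cat <<'EOF'
Key-Type: DSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: ELG-E
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Example User
Name-Email: user@example.invalid
Expire-Date: 0
%no-protection
%commit
EOF
}

# Read `gpg --with-colons` output on stdin and print one line per key:
# record type, algorithm name, bit length. Field 3 is the key length and
# field 4 the OpenPGP public-key algorithm ID (RFC 4880, section 9.1).
describe_key_algos() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            name = "other(" $4 ")"
            if ($4 == 1)  name = "RSA"
            if ($4 == 16) name = "Elgamal"
            if ($4 == 17) name = "DSA"
            print $1, name, $3
        }'
}

# Run only when asked, in a scratch keyring so the real one is untouched.
if [ "${1:-}" = "--generate" ]; then
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    keygen_params | gpg --batch --gen-key
    gpg --with-colons --list-keys | describe_key_algos
fi
```

Run with `--generate` to create the key; what PGP labels "DH/DSS" shows up in the listing as a `pub` line with algorithm 17 (DSA) and a `sub` line with algorithm 16 (Elgamal).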

More information about the Gnupg-users mailing list