Why do we use a different key to sign than to encrypt

Guy Halford-Thompson guy at cach.me
Tue Mar 1 15:30:37 CET 2011


But doesn't GPG generate 2 private keys (as well as public keys) when
you create a new keypair?

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

I can understand if you use DSA and Elgamal (DSA can only sign) but
what about RSA and RSA?

On 1 March 2011 13:54, david at gbenet.com <david at gbenet.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> People encrypt to your public key - you decrypt with your private key. You sign with your
> private key. It's that simple.
>
> David
>
> Guy Halford-Thompson wrote:
>> Not GPG specific, but I was wondering if someone could point me in the
>> direction of some resources that explain why we use different keys to
>> sign and encrypt (for cases where the same key _could_ do both e.g.
>> RSA).  I cant seem to pick anything up on google.
>>
>> Thanks
>>
>
> - --
> “See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
> Stern, sane, every brain-cell perfect and complete even at the moment of death. No delusion.”
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBCAAGBQJNbPqEAAoJEOJpqm7flRExLo0IALyNI0IGDXLa2Wd/SgAiZH6/
> Sq4Ef9BOk/L0g1JczyVIcRrs7aeSdo7K935wcRCDgFw8pH3jsd8xBU+jdQyjEsL4
> lrA+GFo0BE5p/Ksa10cNGWzw3n2dJsrGgAYGv+jkdVjlGFI7RsOo4MWv5orYATZ3
> B/Oyc/rUM5q5BoZbdihn5nysCScmGACyQbpwOOG1rQZ7U7IiqtxwoBrJwFaMNzHX
> lFs5GjWqtxfbCRl2GfyZN8ghRK6mZR+6WmDDmZRQ3sw1li7bw9M/2z1DNnHuGwr8
> fNhifuvqMUlVe/KdEiW1I2mcKwyMSc0oUuwT1Neqk8nIUkIarSBeNWys0sWT1Bw=
> =5AWK
> -----END PGP SIGNATURE-----
>



-- 
Guy Halford-Thompson - http://www.cach.me/blog
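Added illustration, not part of the thread above: the "RSA and RSA" choice quoted by Guy gives a primary key used for signing and a separate subkey used for encryption, each with its own private key material. One standard cryptographic reason for that split (there are operational ones too, such as being able to escrow or rotate the decryption key without touching the signing key) is that in RSA the signing operation and the decryption operation are the same computation, m^d mod n. The toy below uses unpadded textbook RSA, tiny constructed primes and a hypothetical "sign whatever you are handed" oracle to show what that means: with one shared key, an attacker who can obtain signatures on chosen values can decrypt any ciphertext by blinding it first; with GnuPG-style separate keys, the same signing oracle tells the attacker nothing about ciphertexts. Real OpenPGP signatures hash and pad the data, which blocks this literal trick, so the example is about the design principle of key separation, not an attack on GnuPG. Everything here (helper names, primes, the oracle) is an assumption made for the demonstration.

```python
"""
Toy textbook RSA showing why a signing key and an encryption key are kept
separate. Added example; not code from the gnupg-users thread or from GnuPG.
Parameters are deliberately tiny and the scheme is unpadded: never use this
as a real implementation.
"""
import math
import random


def is_prime(n):
    """Trial-division primality test, fine for the small numbers used here."""
    if n < 2:
        return False
    for i in range(2, int(n ** 0.5) + 1):
        if n % i == 0:
            return False
    return True


def next_prime(n):
    """Smallest prime >= n, so the demo does not rely on hand-picked primes."""
    while not is_prime(n):
        n += 1
    return n


def make_keypair(p, q):
    """Textbook RSA key pair (n, e), (n, d) from two distinct primes."""
    assert p != q and is_prime(p) and is_prime(q)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:   # make sure e is invertible mod phi
        e += 2
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):               # c = m^e mod n
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):              # m = c^d mod n
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):                 # s = m^d mod n: the SAME math as decrypt
    n, d = priv
    return pow(m, d, n)


def blinded_decrypt(enc_pub, c, sign_oracle, rng=None):
    """Attacker: recover m from c = m^e mod n using only a signing oracle.
    Blind c with a random r, get it 'signed', then strip r off again.
    Only works if the oracle signs with the same key c was encrypted to."""
    rng = rng or random.Random(1)  # fixed seed so the demo is reproducible
    n, e = enc_pub
    while True:
        r = rng.randrange(2, n)
        if math.gcd(r, n) == 1:
            break
    blinded = (c * pow(r, e, n)) % n
    s = sign_oracle(blinded)       # shared key: (m r^e)^d = m * r mod n
    return (s * pow(r, -1, n)) % n


def key_reuse_demo(plaintext=b"pwd"):
    """Run the blinding trick against one shared RSA key and against
    GnuPG-style separate keys; return what the attacker recovers each time."""
    m = int.from_bytes(plaintext, "big")   # constructed sample message

    # Case 1: a single RSA key is used for both signing and decryption.
    pub, priv = make_keypair(next_prime(100000), next_prime(100004))
    c = encrypt(pub, m)
    recovered_shared = blinded_decrypt(pub, c, lambda blob: sign(priv, blob))

    # Case 2: a signing primary key and a distinct encryption subkey.
    sign_pub, sign_priv = make_keypair(next_prime(104700), next_prime(104730))
    enc_pub, enc_priv = make_keypair(next_prime(100000), next_prime(100004))
    c2 = encrypt(enc_pub, m)
    recovered_separate = blinded_decrypt(enc_pub, c2,
                                         lambda blob: sign(sign_priv, blob))

    return {
        "plaintext": m,
        "recovered_with_shared_key": recovered_shared,      # == m
        "recovered_with_separate_keys": recovered_separate, # garbage
        "decrypt_still_works": decrypt(enc_priv, c2) == m,
    }


if __name__ == "__main__":
    res = key_reuse_demo()
    for k, v in res.items():
        print(f"{k}: {v}")
```

Run it and the shared-key case hands back the plaintext integer exactly, while the separate-key case returns an unrelated number even though the encryption subkey still decrypts normally. That is the property the primary-key/subkey layout buys: whatever someone can coax out of the signing key never doubles as a decryption capability.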


