gpg: ElGamal encrypt only? - PGP


  1. gpg: ElGamal encrypt only?

    I just DLed version 1.2.4 of GnuPG. All the documentation I read says
    that when choosing a new subkey one of the choices should be ElGamal
    (encrypt + sign). But I only get (encrypt). Am I missing something?
    Or has this feature been removed?

    -jason

  2. Re: gpg: ElGamal encrypt only?

    JVarsoke wrote:

    > I just DLed version 1.2.4 of GnuPG. All the documentation I read
    > says that when choosing a new subkey one of the choices should be
    > ElGamal (encrypt + sign). But I only get (encrypt). Am I missing
    > something? Or has this feature been removed?


    Unless it has been removed in v1.2.4, the choice should be available
    when --expert is set. Note that ElGamal sign+encrypt keys should be
    avoided due to a severe bug in GnuPG.

    "This is a significant security failure which can lead to a compromise
    of almost all ElGamal keys used for signing. Note that this is a real
    world vulnerability which will reveal your private key within a few
    seconds", Werner Koch said. As to impact, he noted, "All ElGamal
    sign+encrypt keys (type 20) generated with GnuPG 1.0.2 or later must
    be considered compromised. Keys generated and used only with prior
    versions might still be safe but should ideally be revoked too. Note
    that even if an ElGamal sign+encrypt key was generated before GnuPG
    1.0.2, using that key in GnuPG 1.0.2 or later to issue signatures will
    still compromise the key. Again, ElGamal encrypt-only keys (type 16)
    from any version of GnuPG are *not* affected".


    --
    Mike Daigle - http://mdaigle.webhop.info
    Free Security Certificates - http://www.cacert.org
    Gossamer Spider Web of Trust - http://gswot.webhop.info



  3. Re: gpg: ElGamal encrypt only?

    Michael Daigle writes:

    >> I just DLed version 1.2.4 of GnuPG. All the documentation I read
    >> says that when choosing a new subkey one of the choices should be
    >> ElGamal (encrypt + sign). But I only get (encrypt). Am I missing
    >> something? Or has this feature been removed?


    >Unless it has been removed in v1.2.4, the choice should be available
    >when --expert is set. Note that ElGamal sign+encrypt keys should be
    >avoided due to a severe bug in GnuPG.


    I think it was removed from 1.2.4 because of that bug.



  4. Re: gpg: ElGamal encrypt only?

    Neil W Rickert wrote:
    > Michael Daigle writes:
    >
    >>> I just DLed version 1.2.4 of GnuPG. All the documentation I read
    >>> says that when choosing a new subkey one of the choices should be
    >>> ElGamal (encrypt + sign). But I only get (encrypt). Am I missing
    >>> something? Or has this feature been removed?
    >
    >>Unless it has been removed in v1.2.4, the choice should be available
    >>when --expert is set. Note that ElGamal sign+encrypt keys should be
    >>avoided due to a severe bug in GnuPG.
    >
    > I think it was removed from 1.2.4 because of that bug.


    It was indeed removed from 1.2.4 because of that bug. It looks like
    Elgamal signatures in general are going to be removed from the OpenPGP
    standard.

    David
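
An added example, not part of any post in this thread and not GnuPG's own code: a keyring audit that flags the ElGamal sign+encrypt (type 20) keys the quoted advisory calls compromised, while leaving encrypt-only (type 16) keys alone. It assumes the `--with-colons` listing layout (field 1 record type, field 3 key length, field 4 algorithm ID, field 5 key ID); the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Flag ElGamal sign+encrypt (algorithm 20) keys in a colon-format key listing.
# Real use:  gpg --list-keys --with-colons | find_type20_keys

# Reads colon-format records on stdin and prints one line per affected key.
# Prints nothing when no type 20 key is present. Always returns 0.
find_type20_keys() {
    awk -F: '
        # Only key records carry an algorithm ID in field 4:
        # pub/sub = public primary/subkey, sec/ssb = secret primary/subkey.
        ($1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb") && $4 == 20 {
            printf "%s %s %s-bit ElGamal sign+encrypt (type 20)\n", $1, $5, $3
        }
    '
}

# Constructed sample listing (key IDs and user IDs are made up):
#   key 1: DSA primary (17) with an ElGamal encrypt-only subkey (16) -> not affected
#   key 2: ElGamal sign+encrypt primary (20)                         -> affected
#   key 3: DSA primary (17) with a type 20 subkey                    -> subkey affected
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAA0000AAAA0017:2003-01-01:::u:Constructed One <one@example.invalid>::scESC:
sub:u:2048:16:AAAA0000AAAA0016:2003-01-01::::::e:
pub:u:2048:20:BBBB0000BBBB0020:2002-05-05:::u:Constructed Two <two@example.invalid>::escESC:
pub:u:1024:17:CCCC0000CCCC0017:2002-06-06:::u:Constructed Three <three@example.invalid>::scSC:
sub:u:1536:20:CCCC0000CCCC0020:2002-06-06::::::es:
EOF
}

# Demo run on the constructed listing.
sample_listing | find_type20_keys
```

Any key the function reports falls under the advisory quoted in the second post.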
