PGP: is there such a thing as a "signature only key?"

Dave Bird dave at xemu.demon.co.uk
Thu, 18 Oct 2001 00:25:56 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In <20011017231156.C72742@colon.colondot.net>, Matthew Byng-Maddick:
>On Wed, Oct 17, 2001 at 10:30:57PM +0100, Dave Bird wrote:
>>  It has been claimed to me there is such a thing as a "signature
>>  only key", and that the PGP program will (automatically) refuse
>>  to encrypt to it.
>
>This is correct. It's not that it will refuse, it can't use a signature-only
>key as an encryption key. (this is not true with RSA keys, but with the
>more recent DSA/ElGamal pairs). When you generate such a compound key (with
>GPG), you will get:
>| Please select what kind of key you want:
>|    (1) DSA and ElGamal (default)
>|    (2) DSA (sign only)
>|    (4) ElGamal (sign and encrypt)
>| Your selection? 

 This is good stuff and we will talk further about this. However....
 I am using Windoze98.  I have a version of PGP which came with
 the Turnpike mailer -- describes itself in Help|About as version
 6.5.3 -- and is as best I know the proper Kosher PGP 
 from Network Associates. 

 The Keys|NewKey command does not produce a dialog like that.
 It produces a key generation wizard. Page 1 describes what keys are.
 Page 2 asks for a name and email address.  Page 3 asks DH or DSS.
 Page 4 asks size.  Page 5 asks expiry.   It does not offer 
 the choices you suggest.  

 I have here a key which says as a comment in the name field
 that it is <SIGNATURE KEY ONLY>.  I click on the padlock Icon
 to bring up a PgpTools toolbar, press the Encrypt button, 
 name a text file at random, and on the keys dialog drag this
 key across into recipients. IT ENCRYPTS WITHOUT OBJECTING.
 Where Turnpike is integrated with PGP, it also automatically
 encrypts to this key when the owner is recipient of mail.


 I  have an issue with the way PGP6.5.3 for Windoze32, and/or
 the integration with Turnpike, operates:  it does NOT
 automatically honour "signature only keys."

 COULD SOMEONE WITH 6.5.3 FOR WIN32 TRY TO DUPLICATE THIS?

 If, as the trollers allege, I had deliberately manufactured
 this behaviour somehow, I would need to have gone to
 considerable trouble ---- because it is purported no properly
 operating version of PGP will encrypt to this key, so I
 would have to have written custom programs to do it using the SDK.

>
>Hope this answers your question.
>
>MBM
>

- --  
 Dave Bird, an official ARS HakeMonger                        ><_'>  <_"
(licensed to mung pelagic fish and clams of all kinds upon the Internet)
"If turbot be the food of hate, Lay on MacErrel and, by damn, 
    Cry HADDOCK  and let loose the cods of war!"            Wm Skatesfin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBO84ThH8v/Y5zkfRPEQLlJgCg4wWdR/cIMVO7PO9oi6kTB//2z64An3ut
YirDwLPNumxnfRD61qstPFy9
=IBBw
-----END PGP SIGNATURE-----
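
The quoted reply ties "signature only" to the key's algorithm, while the key tested above carries the label only as a comment in its name field. The following added example (not part of the original message, and not PGP's or GPG's own code) walks OpenPGP packets and reports whether any key or subkey uses an encryption-capable algorithm, treating the user ID as plain text. The algorithm IDs are those of RFC 4880 section 9.1; the keyrings are constructed with dummy key material, and key-flag subpackets in self-signatures are not parsed.

```python
# Added example. IDs 3 (RSA sign-only) and 17 (DSA) are deliberately absent here.
ENCRYPT_CAPABLE = {1: "RSA", 2: "RSA encrypt-only", 16: "ElGamal", 20: "ElGamal sign+encrypt"}

def packets(data):
    """Yield (tag, body) per OpenPGP packet; handles old and new header formats."""
    i = 0
    while i < len(data):
        hdr = data[i]; i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                                   # new-format header
            tag, first = hdr & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                            # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            n = 1 << ltype
            length = int.from_bytes(data[i:i + n], "big"); i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def summarize(keyring):
    """Return user IDs, per-key algorithm IDs, and whether any key can encrypt."""
    out = {"user_ids": [], "algorithms": [], "can_encrypt": False}
    for tag, body in packets(keyring):
        if tag == 13:                                    # User ID packet: free text only
            out["user_ids"].append(body.decode("utf-8", "replace"))
        elif tag in (6, 14):                             # public key / public subkey
            algo = body[5] if body[0] == 4 else body[7]  # v3 has 2 validity bytes first
            out["algorithms"].append(algo)
            out["can_encrypt"] |= algo in ENCRYPT_CAPABLE
    return out

# Constructed sample keyrings: old-format headers, a dummy 8-bit MPI as key material.
def _pkt(tag, body): return bytes([0x80 | (tag << 2), len(body)]) + body
def _key(algo): return b"\x04\x00\x00\x00\x00" + bytes([algo]) + b"\x00\x08\xff"
UID = _pkt(13, b"Example User <SIGNATURE KEY ONLY>")
DSA_ONLY = _pkt(6, _key(17)) + UID                       # nothing to encrypt to
DSA_ELGAMAL = _pkt(6, _key(17)) + UID + _pkt(14, _key(16))
RSA_LABELLED = _pkt(6, _key(1)) + UID                    # label present, RSA can encrypt
```

All three sample keyrings carry the same user ID text; only `DSA_ONLY` comes back with `can_encrypt` false.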