[oclug] Diffie-Hellman/DSS vs RSA

Sandy Harris sandy at storm.ca
Sat Sep 15 12:48:47 EDT 2001


Dean Staff wrote:
> 
> Hi All,
> 
> I'm about to create a PGP key but have been presented with 3 options.
> So I though I'd ask for opinions. A dangerous thing to do on this list, but here
> goes...
> 
> My optionsa are to create a Diffie/Hellman/DSS key, an RSA key or an RSA
> Legacy Key. I've already eliminated the RSA Legacy key, but not sure of the
> other two.
> 
> What's the difference and which should I use?
> 
> And before I get flamed for not using GnuGP, let me just say that the pgp
> plug in for my e-mail client does not yet support it.

There's a (perhaps oversimplified) explanation at:
http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/glossary.html#PGP

Originally PGP used RSA keys. Later, mainly for licensing reasons, they
switched. Now that the RSA patent has expired, they support both.

Lots of people still use PGP 2.whatever and RSA keys. Some don't trust DSS
because the NSA had a hand in its development. Some just don't want to
switch or haven't gotten around to it, ...

The newer versions have some extra stuff in the key format, so even if you
create an RSA key with them in the default format, older versions cannot
use it. An "RSA legacy key" is minus the cruft, usable by older versions
but without some features the cruft supports.

I'd create a key for the new version, probably DH/DSS because it is more
common. Write down the fingerprint so you can give it to people you want
to have sign your key. Consider putting it on your business cards. That's
a convenient format to hand people.

Then conside whether you also need a legacy format RSA key. You do if
you correspond with people who prefer that, or if you need to sign
things (software releases? email? documents?) in a way that anyone can
verify. 

If you do need one, then I'd say download PGP 2.6i and use it to create
the key. There have been some reported problems with creating these keys
using later versions. If you do that, use the RSA key to sign the DH/DSS 
one, but not vice versa since older software cannot read the new sigs.



More information about the OCLUG mailing list