Why is there no “Toggle the encrypt capability” when generating master key using ECC vs RSA?

gnupg ecc

Evaluating switching from RSA to ECC when provisioning YubiKeys.

Noticed that when I run gpg --expert --full-generate-key and select “ECC (set your own capabilities)”, the “Toggle the encrypt capability” feature is not available (vs when using RSA).

I am trying to generate ECC master key from which I would like to derive signing, encryption and authentication sub-keys.

Why? Thanks for helping out!


Subkeys are not derived from the master key. They are merely signed by the master key, but otherwise have no relationship to it – their capabilities and even algorithms do not need to match.

Indeed that's the whole point of subkeys in PGP. Originally it used a single RSA keypair for everything, but now there is a common saying among cryptography experts that the same key should never be used for different purposes, such as signing and encryption – so eventually the 'subkeys' feature was invented so that signing could be done using one RSA key and encryption using another.

(To some extent, even using the same signing key for network authentication and document certification is not a good idea – even though those are the same thing cryptographically, they're different policy-wise. The "PIV smartcard" mode in your Yubikey has explicitly separate keyslots for these purposes, because they have different PIN requirements.)

So while RSA keypairs in PGP can still have all capability bits at once (for legacy reasons), all other key types are explicitly treated as using different algorithms for signing and encryption – an "ECDSA" (19) or "EdDSA" (22) key can only sign/verify and an "ECDH" (18) key can only encrypt/decrypt. Something similar applies to DSA versus ElGamal.

And because the master key in PGP is used to certify both other people's keys and your own subkeys, it must be a signing-capable algorithm with the certify capability. For an EC key, this rules out the encryption-capable algorithms.

But as already mentioned, this does not affect subkeys in any way. Once you have the primary key generated, you can add subkeys with any algorithm (for example, even an old RSA primary key could have an Ed25519 signing subkey and a P256 authentication subkey).

Related

sudo !! equivalent on Windows cmd
7-zip doesn't open files with password from windows explorer
How to move extension icon back to toolbar in Microsoft Edge?
Right click drag drop not working
Multiple hard drive partitions
Duplicating a system partition from a SSD with bad sectors.
Searching from Start Menu not working
Couldn't open a raw socket. Error: Permission denied (13)
Macbook pro bluetooth headset auto re-connect doesn't work. Requires pairing after restart
Unable to access my local web server via WAN-IP (provided by ISP)
Bitdefender scan not working after my computer was diagnosed with Bulz malware [duplicate]
Why WD HDD has different set of values when comparing to other WD HDDs?