On Tue, Dec 4, 2012 at 12:19 PM, Hubert Kario <[email protected]> wrote:
> On Monday 03 of December 2012 12:41:10 Hauke Laging wrote:
>> Hello,
>>
>> are there arguments for preferring either
>>
>> a) having one RSA subkey for decryption only and one for signing only
>>
>> or
>>
>> b) having only one RSA subkey for both decryption and signing?
>>
>> Do any problems arise with the smartcard if the same key shall do different
>> tasks?
>
> Keys can become "used up" so it entirely depends on how often you use it.
>
> What I mean by that, is that any signing operation leaks some information
> about the key used for signing (generally far less than few tens of a bit).
> If you have signed tens of thousands of documents with it, an attacker can
> recover substantial portion of the key and speed up the key recovery.

Do you have a reference for this? I thought the major reason to use
separate signing/encryption keys was that if a user could be persuaded
to sign a chosen encrypted text with the same key, the decryption key
would be revealed.

http://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig

I've never read before that a key could be "used up" in this way.
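
The dual-use concern raised in the reply above, as an added example that is not part of the original thread: with textbook (unpadded) RSA, signing and decrypting are the same private-key operation, so a raw signature over a ciphertext returns the plaintext. The toy keys, the helper names and the sample plaintext are all constructed for illustration.

```python
import hashlib

def keypair(p, q, e=65537):
    """Toy textbook-RSA key from two primes; returns (n, e, d)."""
    n = p * q
    return n, e, pow(e, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes; far too small for real use.
ENC_KEY = keypair(2**31 - 1, 2**61 - 1)   # encryption (or dual-use) key
SIG_KEY = keypair(2**61 - 1, 2**89 - 1)   # separate signing-only key

def encrypt_raw(m, key):
    """Unpadded public-key encryption: m^e mod n."""
    n, e, _ = key
    return pow(m, e, n)

def private_op(x, key):
    """Raw private-key operation; without padding this is both 'decrypt' and 'sign'."""
    n, _, d = key
    return pow(x, d, n)

def sign_hashed(data, key):
    """Hash-then-sign: the private exponent is applied to a digest, not to the input."""
    n, _, d = key
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)

def demo():
    secret = int.from_bytes(b"session-key", "big")   # constructed plaintext
    c = encrypt_raw(secret, ENC_KEY)                 # ciphertext handed over "to be signed"
    c_bytes = c.to_bytes(16, "big")
    return {
        # option b) one key for both tasks, raw signing: the signature is the plaintext
        "raw_sign_same_key": private_op(c, ENC_KEY) == secret,
        # same key, but only a digest of the input is signed
        "hashed_sign_same_key": sign_hashed(c_bytes, ENC_KEY) == secret,
        # option a) separate signing key: its private exponent cannot undo the encryption
        "raw_sign_separate_key": private_op(c, SIG_KEY) == secret,
    }

if __name__ == "__main__":
    print(demo())
```

OpenPGP signatures are computed over a padded hash of the data rather than over the raw input, which corresponds to the second case here.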
