Tech Note #82: Hints for Using PGP
1998 Bionic Buffalo Corporation; All Rights Reserved.
28 October 1998
The newest standard for encoding secure information is S/MIME. Unfortunately, the current
versions of PGP software don’t support S/MIME applications. We recommend avoiding
S/MIME when using PGP. Otherwise, most other software will not be able to read your
Older versions of PGP used RSA keys, while the new versions prefer DH/DSS keys. These two
kinds of keys are incompatible. In summary,
- old versions of PGP can use RSA keys, and can generate RSA key pairs
- new versions of PGP can use RSA or DH/DSS keys, and can generate DH/DSS key pairs, but cannot generate RSA key pairs
(However, PGP sells a newer, “business” version of PGP which can generate both kinds of key
Especially because some users outside the United States rely on RSA keys, it is sometimes
important to be able to create an RSA key pair. If you cannot buy the business version in your
country (due to export restrictions or whatever), you can create an RSA key pair using an older
version (such as version 2.6), then import the RSA key pair into the newer PGP keyring.
There are many versions of PGP, most of them “unofficial”, but many consider the unofficial
versions to be better than the commercial versions for various reasons. Whether or not this is
true, remember that additional features such as gigantic RSA keys cannot be understood by all
other versions of the software. If you generate jumbo-size keys, you may limit your ability to
communicate with others. It may be wise to have another key pair, which is smaller, for use with
those who do not support the larger keys.
Key sizes are usually expressed in bits. For instance, you might have a 1024-bit RSA key, or a
56-bit DES key.
Not all forms of encryption are equally difficult to break, nor do they have the same weaknesses.
In particular, an RSA or DH/DSS key of a given size may be weaker than a different kind of
key of a much smaller size. Therefore, comparing key sizes across different encryption
methods is not usually meaningful.
A PGP message actually uses two different encryption methods and two different keys of
different sizes. The content of the message usually is encrypted using a randomly-generated
128-bit key and the IDEA encryption algorithm. Then the 128-bit key itself is encrypted for
each recipient using that recipient’s public key. The actual strength of the content’s encryption
is therefore based on a 128-bit IDEA key, and not on the public/private key pair.
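The hybrid construction described above, as an added example that is not PGP's own code or message format: a fresh random 128-bit content key encrypts the body once, and a separate copy of that key is wrapped for each recipient with that recipient's public key. The symmetric cipher is an HMAC-SHA256 keystream standing in for IDEA, the public-key part is unpadded textbook RSA, and the key pairs are constructed from known Mersenne primes so the demo runs offline; none of this is secure for real use.

```python
"""Toy model of a PGP-style hybrid message (added example; the ciphers are
stand-ins for IDEA and RSA, and the keys are constructed, not securely generated)."""
import hashlib
import hmac
import os


def make_rsa_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed for the demo only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return (n, e), (n, d)


# Constructed recipients: moduli from Mersenne primes, large enough to hold a 128-bit key.
RECIPIENTS = {
    "alice": make_rsa_keypair(2**127 - 1, 2**89 - 1),
    "bob": make_rsa_keypair(2**107 - 1, 2**61 - 1),
}


def symmetric_xor(key, nonce, data):
    """Stand-in for IDEA: XOR the data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt_message(plaintext, recipient_pubkeys):
    """Encrypt the body once with a random 128-bit key, then wrap that key per recipient."""
    session_key = os.urandom(16)  # 128-bit content key; this is what protects the body
    nonce = os.urandom(8)
    body = symmetric_xor(session_key, nonce, plaintext)
    m = int.from_bytes(session_key, "big")
    wrapped = {name: pow(m, e, n) for name, (n, e) in recipient_pubkeys.items()}
    return {"nonce": nonce, "body": body, "wrapped_keys": wrapped}


def decrypt_message(msg, name, private_key):
    """Unwrap this recipient's copy of the session key, then decrypt the shared body."""
    n, d = private_key
    session_key = pow(msg["wrapped_keys"][name], d, n).to_bytes(16, "big")
    return symmetric_xor(session_key, msg["nonce"], msg["body"])
```

Every recipient receives the same encrypted body; only the wrapped copy of the session key differs, which is why the body's protection rests on the 128-bit session key rather than on any one public key.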