On 19 May 2005, at 1:37 PM, Ben Laurie wrote:

> Key algorithms ... these are used in various contexts, and there's a
> list in 9.1 - some of these are clearly unsuitable in some contexts -
> for example, one would not expect to see RSA Encrypt-Only (3) in a
> signature. But I can't find any language saying anything about
> this. Are there any rules?

All of these are deprecated or disallowed.

12.4. RSA

There are algorithm types for RSA-signature-only, and
RSA-encrypt-only keys. These types are deprecated. The "key flags"
subpacket in a signature is a much better way to express the same
idea, and generalizes it to all algorithms. An implementation SHOULD
NOT create such a key, but MAY interpret it.

[...]

12.7. Reserved Algorithm Numbers

A number of algorithm IDs have been reserved for algorithms that
would be useful to use in an OpenPGP implementation, yet there are
issues that prevent an implementer from actually implementing the
algorithm. These are marked in the Public Algorithms section as
"(reserved for)".

[...]

Previous versions of OpenPGP permitted Elgamal [ELGAMAL] signatures
with a public key identifier of 20. These are no longer permitted.
An implementation MUST NOT generate such keys. An implementation
MUST NOT generate Elgamal signatures.
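
Added example, not part of the original message or of the draft: one way an implementation could apply the rules quoted above when deciding whether a key may sign. It refuses reserved, encrypt-only and ID-20 keys and otherwise consults the key flags subpacket from the key's self-signature. Algorithm numbers and the subpacket layout follow RFC 4880; the function names, the constructed sample bytes and the choice to allow signing when no key flags subpacket is present are assumptions.

```python
# Added example. Public-key algorithm IDs as listed in RFC 4880 section 9.1.
RSA, RSA_ENCRYPT_ONLY, RSA_SIGN_ONLY = 1, 2, 3
ELGAMAL_ENCRYPT_ONLY, DSA, ELGAMAL_ID_20 = 16, 17, 20
RESERVED_FOR = {18, 19, 21}      # entries marked "(reserved for)"
KEY_FLAGS = 27                   # signature subpacket type: key flags
CAN_SIGN = 0x02                  # key flag bit: key may sign data

def parse_subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            hdr, length = 1, first
        elif first < 255:                     # two-octet length
            low = int.from_bytes(area[i + 1:i + 2], "big")
            hdr, length = 2, ((first - 192) << 8) + low + 192
        else:                                 # five-octet length
            hdr, length = 5, int.from_bytes(area[i + 1:i + 5], "big")
        start = i + hdr
        if length == 0 or start + length > len(area):
            raise ValueError("empty or truncated subpacket")
        yield area[start] & 0x7F, area[start + 1:start + length]  # drop critical bit
        i = start + length

def may_sign(pub_algo, self_sig_hashed=b"", creating_key=False):
    """Return (allowed, reason) for using a key of type pub_algo to sign."""
    if pub_algo in RESERVED_FOR:
        return False, "reserved algorithm ID"
    if pub_algo == ELGAMAL_ID_20:
        return False, "Elgamal signatures (ID 20) are no longer permitted"
    if pub_algo in (RSA_ENCRYPT_ONLY, ELGAMAL_ENCRYPT_ONLY):
        return False, "encrypt-only algorithm in a signature"
    if pub_algo not in (RSA, RSA_SIGN_ONLY, DSA):
        return False, "unknown algorithm ID"
    if pub_algo == RSA_SIGN_ONLY and creating_key:
        return False, "deprecated key type: SHOULD NOT create, use key flags"
    # Assumption: a key with no key flags subpacket is not restricted here.
    for sub_type, body in parse_subpackets(self_sig_hashed):
        if sub_type == KEY_FLAGS and body and not body[0] & CAN_SIGN:
            return False, "key flags do not permit signing"
    return True, "ok"

# Constructed hashed areas: creation time (type 2) followed by key flags.
CREATED = bytes([5, 2, 0, 0, 0, 0])
SIGNING_KEY = CREATED + bytes([2, 27, 0x03])      # certify + sign
ENCRYPTION_KEY = CREATED + bytes([2, 27, 0x0C])   # encrypt only
if __name__ == "__main__":
    print(may_sign(RSA, ENCRYPTION_KEY), may_sign(ELGAMAL_ID_20))
```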