I understand that in PGP a public key encrypts and a private key decrypts. Is it possible to encrypt a message with my private key and have the recipient decrypt it with my public key?

I know that this would provide no real security since my public key is widely known. It would also be a very impractical way of establishing that I authored the message since PGP already supports signing. I'm just curious about whether it's possible to encrypt and decrypt both ways.

Ender Wiggin
  • While the other question is closely related and a very good read on the cryptographic background, I would not consider this a full duplicate, as this question specifically targets OpenPGP, which adds another layer of key management and has specific aspects of using key pairs as allowed by the standard. – Jens Erat May 11 '17 at 21:21

1 Answer

First of all: it depends. There are cryptographic algorithms that can be used both ways, like RSA, but also others that can only be used for encryption or signing (in OpenPGP, those usually occur in pairs, like DSA for signing together with an ElGamal subkey for encryption).

Is it possible to encrypt a message with my private key and have the recipient decrypt it with my public key?

In the case of RSA, signing a document technically is equivalent to encrypting the hash sum of the document with your private key; if a third party can decrypt it with your public key, the document must have been encrypted by your private key (and given you did not hand that out, it was encrypted by you).

Other encryption algorithms like ElGamal cannot be used like this; on the other hand, signing algorithms like DSA cannot be used for encryption.

I know that this would provide no real security since my public key is widely known.

It would of course not provide confidentiality, but also authorship can be considered security!

It would also be a very impractical way of establishing that I authored the message since PGP already supports signing.

Considering OpenPGP specifically: If you create an RSA primary key that has both signing and encryption capabilities set, you actually use the same public/private key pair for both encryption and signatures as you described. In GnuPG, you will have to provide the --expert flag while creating the key. Doing so is discouraged, though; splitting duties might prevent some (yet unknown) attacks, at least for some usage of your key/key set.

Jens Erat
  • Splitting subkey duties is useful in other ways, though. For example, you can create a subkey just for signing on your mobile, where you never want to deal with encrypted messages, and you can revoke that machine's key without compromising your main key. Or vice versa, if you want a server to be able to decrypt messages sent to you (e.g. for an automated reply/spam filter) without it being able to impersonate you or losing your identity key. Also, encryption keys generally are longer-lived than signing keys, as they need to be kept around to decrypt old messages. – Lie Ryan May 12 '17 at 00:15
  • Of course, these are only useful if you have a detached master key. Also, I believe recent versions of GnuPG create a separate encryption subkey by default. – Lie Ryan May 12 '17 at 00:18
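The answer's two central claims, that RSA works in both directions and that an RSA signature is in effect the message hash "encrypted" with the private key, can be checked directly with textbook RSA. The following is an added illustration, not code from the question, the answer or GnuPG: it uses raw RSA with no padding and two publicly known Mersenne primes chosen only so the arithmetic is visible and a SHA-256 digest fits under the modulus (the primes, the exponent and the sample messages are all constructed for this demo and must never be used for a real key). Real RSA signing in OpenPGP adds PKCS#1 padding and hash framing on top of this core operation.

```python
"""Textbook RSA: one key pair, used in both directions.

Added demo for the OpenPGP question above; this is NOT GnuPG/OpenPGP code.
Raw RSA without padding is shown only to expose the arithmetic behind
"sign = encrypt the hash with the private key, verify = decrypt it with
the public key". Never use raw RSA or public primes like these in practice.
"""
import hashlib

# Constructed demo primes: 2**521-1 and 2**127-1 are Mersenne primes, so
# n = p*q (about 648 bits) is large enough to hold a 256-bit hash value.
# They are public knowledge, which is exactly why this key is worthless
# for real use; it only illustrates the math.
DEMO_P = 2**521 - 1
DEMO_Q = 2**127 - 1
DEMO_E = 65537  # the usual public exponent; coprime with (p-1)(q-1) here


def make_keypair(p=DEMO_P, q=DEMO_Q, e=DEMO_E):
    """Return (public_key, private_key) as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e; needs Python 3.8+
    return (n, e), (n, d)


def rsa_apply(key, m):
    """Raw RSA: m ** exponent mod n.

    The same function serves as 'encrypt' or 'decrypt' depending only on
    which half of the key pair is passed in. That is the 'both ways'
    property the answer attributes to RSA.
    """
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message integer must lie in [0, n)")
    return pow(m, exp, n)


def hash_as_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (fits below the demo modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    """Textbook signature: 'encrypt' the hash with the private exponent."""
    return rsa_apply(private_key, hash_as_int(message))


def verify(public_key, message: bytes, signature: int) -> bool:
    """Textbook verification: 'decrypt' with the public exponent, compare."""
    return rsa_apply(public_key, signature) == hash_as_int(message)


def private_key_encrypt_is_public(private_key, public_key, m: int) -> int:
    """What the asker proposed: 'encrypt' with the private key.

    Anyone holding the public key recovers m, so the operation proves
    origin (like a signature) but gives no confidentiality.
    """
    ciphertext = rsa_apply(private_key, m)
    return rsa_apply(public_key, ciphertext)


def demo():
    """Run the checks and return the outcomes for inspection."""
    pub, priv = make_keypair()
    msg = b"constructed sample message"  # constructed input
    sig = sign(priv, msg)
    m = 123456789  # constructed plaintext for the round trips
    return {
        "signature_verifies": verify(pub, msg, sig),
        "tampered_fails": verify(pub, msg + b"!", sig),
        # normal direction: encrypt with public, decrypt with private
        "pub_then_priv_roundtrip": rsa_apply(priv, rsa_apply(pub, m)) == m,
        # the asker's direction: 'encrypt' with private, recover with public
        "priv_then_pub_readable_by_anyone":
            private_key_encrypt_is_public(priv, pub, m) == m,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The round trip works in both orders only because RSA encryption and decryption are the same modular exponentiation with the exponents swapped. An ElGamal or DSA key has no such symmetry, which is why OpenPGP pairs a DSA signing key with an ElGamal encryption subkey rather than reusing one of them for both jobs.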