2

I would like to ask this question as I'm not the first person who has this behavior.

I'm trying to encrypt a simple message with GnuPG using a public key I've received from a friend. He's using DSA 3072, but for some reason, whenever I try to encrypt using his public key, I get:

```
gpg: <mailaddr>: skipped: unusable public key
gpg: s: encryption failed: unusable public key
```

Here's the output of `gpg --list-key` when I look up my friend's mail:

```
pub   3072D/fingerprint some-date-here
uid                  Name1 <mail1>
uid                  Name2 <mail2>
```

Here's my `gpg --version` output:

```
gpg --version
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```

I'm asking here as I recently got mail from people claiming the same (I'm also using DSA 3072 on my key). Can anyone shed some light on this topic?

Vilican
gpgfr

1 Answer

2

DSA is a signature algorithm; its keys are not usable for asymmetric encryption. In the OpenPGP format, algorithms for encryption are RSA and El-Gamal.

Normally, when you create your keypair, you are actually producing several key pairs: a "master" key, and some "sub-keys" for signing and for encrypting. The master key signs the sub-keys. When you say that you use "DSA 3072", you really mean that your master key uses DSA 3072. Similarly for your friend.

Tom Leek
  • OK, thanks for the semantic correction. But why can't I use `gpg --recipient "person" --encrypt`? Why does it give an error? – gpgfr May 26 '15 at 14:45
  • The idea is that, for some reason, you have a copy of the recipient's master key (usable for signatures only) but not of his encryption subkey. `gpg` only sees the signature key, and cannot use it for encryption. – Tom Leek May 26 '15 at 14:49
  • Which software should I use instead of gpg then in order to encrypt using it? – gpgfr May 26 '15 at 14:52
  • Also, doesn't "Pubkey: ... DSA" state that my version of GPG supports DSA? – gpgfr May 26 '15 at 15:01
  • GPG supports DSA and DSA is a signature algorithm, so GPG will be perfectly happy to verify signatures using that key. That's the point of DSA being a signature algorithm and not an encryption algorithm: you can sign with it, you cannot encrypt with it. – Tom Leek May 26 '15 at 15:07
  • But still, when I generate a keypair using GnuPG I can use DSA and ElGamal, so what's the case here? This key isn't unique, it was generated in a default way. – gpgfr May 26 '15 at 15:10
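
The answer and its comments attribute the error to a public key copy that carries only the signing master key and no encryption subkey. As an added example (not part of the original thread), the sketch below checks for that condition in `gpg --with-colons --list-keys` output, using the record type, validity, algorithm, key ID and capability fields documented in GnuPG's doc/DETAILS. The function name `encryption_report` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `gpg --with-colons --list-keys` format (not from the page).
# Field 1 = record type, 2 = validity, 4 = algorithm (17 = DSA, 16 = Elgamal),
# 5 = key ID, 12 = capabilities (lowercase "e" = this key can encrypt).
#   key A: DSA master key only, no subkey  -> reproduces "unusable public key"
#   key B: DSA master key + Elgamal encryption subkey -> encryption works
#   key D: DSA master key + expired Elgamal subkey    -> unusable again
SAMPLE_LISTING='pub:-:3072:17:AAAAAAAAAAAAAAAA:2015-01-01:::-:Name1 <mail1@example.org>::scSC:
pub:-:3072:17:BBBBBBBBBBBBBBBB:2015-01-01:::-:Name2 <mail2@example.org>::scESC:
sub:-:3072:16:CCCCCCCCCCCCCCCC:2015-01-01::::::e:
pub:-:3072:17:DDDDDDDDDDDDDDDD:2014-01-01:::-:Name3 <mail3@example.org>::scSC:
sub:e:3072:16:EEEEEEEEEEEEEEEE:2014-01-01:2015-01-01:::::e:'

# Reads a colon listing on stdin and prints one line per public key:
#   <master key ID> <master key algorithm> <usable encryption key IDs, or NONE>
encryption_report() {
    awk -F: '
        # Print the summary line for the key collected so far.
        function emit() {
            if (primary != "") print primary, algo, (enc == "" ? "NONE" : enc)
        }
        # A "pub" record starts a new key: remember its ID and algorithm.
        $1 == "pub" { emit(); primary = $5; algo = $4; enc = "" }
        # Count a master key or subkey only if it has the encrypt capability
        # and is not revoked (r), expired (e), invalid (i) or disabled (d).
        ($1 == "pub" || $1 == "sub") && $2 !~ /^[reid]/ && $12 ~ /e/ {
            enc = (enc == "" ? "" : enc ",") $5
        }
        END { emit() }
    '
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | encryption_report
```

Against a real keyring, pipe `gpg --with-colons --list-keys <recipient>` into `encryption_report`; a `NONE` in the last column means the local copy of that key has nothing `gpg` can encrypt to.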