$\begingroup$

How secure is libgcrypt's Elgamal implementation of encryption (how different it is from textbook Elgamal), and how can I tweak padding and other preprocessing actions?

For example, I know that usign RSA I can use this S-expression to the function gcry_pk_encrypt :

(data (flags pkcs1) (value BLOCK))

And I can use oaep or pss instead of " pkcs1 ". But what do I use with Elgamal? I can encrypt and decrypt using Elgamal, using

(data (value BLOCK))

but then I have no idea if raw Elgamal was used or if it's actually DHAES or some padded-Elgamal variant.

What is the proper way to use Elgamal in libgcrypt, and what options can I pass? Or would it be better to switch to RSA?

edit: I think that what I wanted to ask is "what is the intended use of Elgamal as implemented in libgcrypt?"