The context of this question is coming up with the parameters for the ElGamal encryption scheme.
One of the requirements for the parameters for ElGamal is that we have primes $p$ and $q$ such that $p = q \cdot k + 1$ for some $k$. For simplicity, let $k=2$. We also need a generator $g$ for $p$ such that $g^q \equiv 1 \pmod p$. (Feel free to correct me if I got any of this wrong).
However, according to this Crypto SE answer to “How to test if a number is a primitive root?”, a number $g$ is a generator of $p$ iff $g^{\varphi(p)/j} \not \equiv 1 \pmod p$ for all prime factors $j$ of $\varphi(p)$. Since $\varphi(p) = p-1$ (as $p$ is prime) and $p-1$ has just two prime factors, $2$ and $q$, we have $g^q \not\equiv 1 \pmod p$.
Doesn't this directly contradict the above requirement of ElGamal?
For a real world example, take IKE groups 1 and 2 from RFC 2409. With group 2, we have $p = $ some large prime and $(p-1)/2$ also equals some large prime. They give us the generator $g=2$. This checks out for ElGamal because $2^p \equiv 1 \pmod p$. I've also tested it with my implementation of ElGamal encryption and everything works fine. However, doesn't this contradict the definition for a generator? If I try to find a generator for $p$, the first one I get is $g=11$, because $11^q \not\equiv 1 \pmod p$ and $11^2 \not\equiv 1 \pmod p$. But if I use $g=11$, the encryption fails because, as far as I can tell, $11^q \not\equiv 1 \pmod p$.
