using various subkeys

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed Aug 21 08:38:02 2002 

--=-5OGmiifqbq7mTBlkikcU
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Thanks for your comments, Werner and David. I think I shall go with this
plan.

On Tue, 2002-08-20 at 17:34, David Shaw wrote:
> On Tue, Aug 20, 2002 at 04:37:20PM +0200, Adrian 'Dagurashibanipal' von B=
idder wrote:
[...]

> You are trying to make a key with two signing keys (primary and
> subkey) and no encryption subkey?  If so, you can generate that
> directly.  Just generate a "DSA sign only" key, then add a DSA subkey
> to it.

No, I'll have a normal encryption subkey, too. But as I mostly use
signing I won't have that secret key on my less secure machine.

>>  - PGP users can verify such signatures from version ???
> 8.0.  In other words, no current version.  Imad's PGP 6.5.8ckt can do
> it, however.

Tough luck. I doubt joe user would be using this special version - but
then, most of my collegues who use openpgp at all are using Linux and
gpg.

> >  - gpg users can verify such signatures from version ???
> Not sure.  Certainly 1.0.4 and later can do it, and I suspect much
> earlier as well.

Werner:
: Since ever I would say.

That's good.

> >  - if the subkey is compromised, the attacker can sign other keys with
> >    it (I believe. Or can a key only be signed with the primary?)

Werner:
: No.  There used to be a bug in an older GnuPG versions which=20
: accidently used a signing subkey for signing user IDs.  But this
: affected only very few keys and GnuPG won't verify these key
: signatures anymore.

> Well, theoretically yes, but no OpenPGP program accepts key signatures
> from subkeys.  The attacker could do some magic to change the subkey

Hmmm. Does openpgp say anything about this? Can't remember that there
was something on this topic. But in any case current behaviour is
exactly what I want.

> into a primary key, but then it would not be trusted any longer.

You mean taking the key material of the subkey to generate a primary. As
you said: it would not be trusted any longer and so is of no real
concern.

> >  - when the primary secret key is available, gpg will by default use
> >    it and not the additional signing subkey.
>=20
> No.  It will use the signing subkey by default unless you are making a
> key signature.  You will need to use the keyid! syntax if you want to
> use the primary signing key to make a signature.

Ok, so what I'll do is use different signing subkeys on different
machines, so if I ever suspect a subkey to be compromised, only a subset
of my existing signatures become questionable. The primary will of
course always stay on my secure machine (I'm probably not paranoid
enough to only keep it offline. Must think about it.).

cheers
-- vbi

--=20
secure email with gpg                         http://fortytwo.ch/gpg

--=-5OGmiifqbq7mTBlkikcU
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9YzWewj49sl5Lcx8RAgctAJ4tdD1v0jXeDj3BwMzaKyTQ+9WVUgCdF8SE
HpHfA5avgGlqdxYZAh6ityQ=
=HvZG
-----END PGP SIGNATURE-----

--=-5OGmiifqbq7mTBlkikcU--