Info on sub keys?

Felix E. Klee felix.klee at inka.de
Sat Jun 3 23:11:21 CEST 2006 

At Sun, 04 Jun 2006 03:02:19 +0930,
Alphax wrote:
> A subkey cannot issue a certification signature - at least not in any
> known implementations.

Right, I read about that before.

> PGP 8 supports signing subkeys; no other offical version of PGP before
> then does. 

According to Tom McCune's FAQ [1] version 8.1 was the first version that
supported signing subkeys for checking signatures:

  "GPG (but not PGP) can now generate subkeys for signing.  Until PGP
  8.1, PGP had no support for this, and could not verify signatures made
  with such a signing subkey."

So, I assume that there was a version 8.0 which doesn't support them.  I
wonder when version 8.1 was released.

> > * One can include any number of sub keys into a key, right?  I ask
> >   because I recall reading that there was/is some problem with key
> >   servers and sub keys.
> 
> PKS keyservers (pre version  0.9.6) had a bug that mangled keys with
> multiple subkeys.

Hm, as far as I understand it, public key servers exchange updates among
each other, in oder to stay synchronized.  Consider the following
example:

  I upload a key to server A, from there it goes to server B and
  finally it arrives at server C: A->B->C.

Now what would happen if that key contains a signature sub key and
server B runs a pre 0.9.6 PKS version?  Would the key end up in a
mangled state on B and C?  Could the mangled key propagate back to A?

> > If there is any good documentation on sub keys, aside from technical
> > specifications (such as RFC 2440), then please let me know.
> 
> Adrian von Bidder wrote an excellent tutorial on subkeys at
> <http://fortytwo.ch/gpg/subkeys>.

I recall finding it on the web some time ago, but I didn't read it.  I
better do that now.

BTW, there's another little question I forgot to raise in my first
message:

  In his FAQ, Tom McCune uses the expression "4096/2048 RSA" to refer to
  a 2048 bit master key with a 4096 bit encryption sub key.  Is this a
  general convention?  I.e. does "foo Y/X", in general, refer to an "X"
  bit master key of type "foo" with an "Y" bit sub key for encryption?

[1] http://www.mccune.cc/PGPpage2.htm

-- 
Felix E. Klee

More information about the Gnupg-users mailing list