Info on sub keys?
Felix E. Klee
felix.klee at inka.de
Sat Jun 3 23:11:21 CEST 2006
At Sun, 04 Jun 2006 03:02:19 +0930,
> A subkey cannot issue a certification signature - at least not in any
> known implementations.
Right, I read about that before.
> PGP 8 supports signing subkeys; no other offical version of PGP before
> then does.
According to Tom McCune's FAQ  version 8.1 was the first version that
supported signing subkeys for checking signatures:
"GPG (but not PGP) can now generate subkeys for signing. Until PGP
8.1, PGP had no support for this, and could not verify signatures made
with such a signing subkey."
So, I assume that there was a version 8.0 which doesn't support them. I
wonder when version 8.1 was released.
> > * One can include any number of sub keys into a key, right? I ask
> > because I recall reading that there was/is some problem with key
> > servers and sub keys.
> PKS keyservers (pre version 0.9.6) had a bug that mangled keys with
> multiple subkeys.
Hm, as far as I understand it, public key servers exchange updates among
each other, in oder to stay synchronized. Consider the following
I upload a key to server A, from there it goes to server B and
finally it arrives at server C: A->B->C.
Now what would happen if that key contains a signature sub key and
server B runs a pre 0.9.6 PKS version? Would the key end up in a
mangled state on B and C? Could the mangled key propagate back to A?
> > If there is any good documentation on sub keys, aside from technical
> > specifications (such as RFC 2440), then please let me know.
> Adrian von Bidder wrote an excellent tutorial on subkeys at
I recall finding it on the web some time ago, but I didn't read it. I
better do that now.
BTW, there's another little question I forgot to raise in my first
In his FAQ, Tom McCune uses the expression "4096/2048 RSA" to refer to
a 2048 bit master key with a 4096 bit encryption sub key. Is this a
general convention? I.e. does "foo Y/X", in general, refer to an "X"
bit master key of type "foo" with an "Y" bit sub key for encryption?
Felix E. Klee
More information about the Gnupg-users