Info on sub keys?
dshaw at jabberwocky.com
Sun Jun 4 01:01:37 CEST 2006
On Sat, Jun 03, 2006 at 11:11:21PM +0200, Felix E. Klee wrote:
> At Sun, 04 Jun 2006 03:02:19 +0930,
> Alphax wrote:
> > > * One can include any number of sub keys into a key, right? I ask
> > > because I recall reading that there was/is some problem with key
> > > servers and sub keys.
> > PKS keyservers (pre version 0.9.6) had a bug that mangled keys with
> > multiple subkeys.
> Hm, as far as I understand it, public key servers exchange updates among
> each other, in oder to stay synchronized. Consider the following
> I upload a key to server A, from there it goes to server B and
> finally it arrives at server C: A->B->C.
> Now what would happen if that key contains a signature sub key and
> server B runs a pre 0.9.6 PKS version? Would the key end up in a
> mangled state on B and C? Could the mangled key propagate back to A?
B would mangle it and send the mangled version to C. Offhand, I don't
recall any pre 0.9.6 PKS installations left though.
> > > If there is any good documentation on sub keys, aside from technical
> > > specifications (such as RFC 2440), then please let me know.
> > Adrian von Bidder wrote an excellent tutorial on subkeys at
> > <http://fortytwo.ch/gpg/subkeys>.
> I recall finding it on the web some time ago, but I didn't read it. I
> better do that now.
> BTW, there's another little question I forgot to raise in my first
> In his FAQ, Tom McCune uses the expression "4096/2048 RSA" to refer to
> a 2048 bit master key with a 4096 bit encryption sub key. Is this a
> general convention? I.e. does "foo Y/X", in general, refer to an "X"
> bit master key of type "foo" with an "Y" bit sub key for encryption?
It's not a general convention. PGP said things like that because when
you made a RSA primary key, it would (by default) also make a RSA
subkey. Once you start mixing algorithms (RSA primary, Elgamal
subkey, etc), the convention breaks down.
More information about the Gnupg-users