Why create offline main key without encryption capabilities

David Shaw dshaw at jabberwocky.com
Sun Jun 1 16:52:14 CEST 2014


On Jun 1, 2014, at 6:54 AM, Suspekt <suspekt at gmx.de> wrote:

> Hi there,
> I understand the concept of using a secure offline key and then creating one or multiple subkeys to use in rather insecure environments like an internet-connected laptop or a smartphone. Depending on which tutorial you look at, the recommended capabilities of the offline key vary.
> Some use the key just for certification of own subkeys and keys of other people.
> 
> Some recommend using it for certification of own subkeys, keys of other people and signing of documents that are so important that the signing-subkey is not secure enough.
> 
> But I have yet to find someone recommending to use the offline mainkey also for encryption/decryption of files that are so important that subkey encryption/decryption is not secure enough.
> 
> Is there a reason for that? Am I missing something?

One reason is that in some places there are legal issues around this.  You can be legally required to give up your encryption key to the authorities or suffer the consequences (arrest / jail / etc).  The idea is that if you have a different encryption and signing/certification key, you can easily give up the encryption (sub)key without compromising your (much more valuable) main key.  At least that's the theory - I don't know offhand if this "I'll give you this key, but not that one" trick has been tested in practice, and if so, which legal jurisdiction it was tried in, and whether it worked or not.  (I'd be curious to find out, if anyone has any pointers).

For the sake of argument, let's say it worked, though: the authorities have your encryption key and can now decrypt as they like.  You promptly make a new encryption key using your (uncompromised) main key and continue on.  They can read your old mail, but not the new, and notably cannot make signatures as you, and cannot make new keys as you.

As a side note, when doing a key signing with someone, I send them a message and request they sign it to prove ownership of the key.  I require that this signature comes from the main key - that's the key I'm signing, so that's the key I need to prove ownership of.  The subkeys are not really relevant here.

David
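
An added example, not part of David's message: a small audit of `gpg --list-keys --with-colons` output that checks the layout discussed in this thread, where the main key holds no encryption capability and encryption lives on a replaceable subkey. The key IDs, dates and user ID in the sample are constructed, and the function name `audit` is hypothetical.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (not a real key).
# It models the scenario above: an old encryption subkey has been revoked and
# a new one was issued from the unchanged main key.
SAMPLE = """\
pub:u:4096:1:1111111111111111:1401580800:::u:::cESC:
uid:u::::1401580800::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:r:2048:1:2222222222222222:1401580800::::::e:
sub:u:2048:1:3333333333333333:1401667200::::::e:
sub:u:2048:1:4444444444444444:1401667200::::::s:
"""

# Constructed counter-example: one key doing everything, no subkeys.
ALL_IN_ONE = "pub:u:2048:1:5555555555555555:1401580800:::u:::escESC:\n"


def audit(colons: str) -> dict:
    """Report capabilities of the primary key and of each usable subkey."""
    primary_caps, live_subs, findings = set(), [], []
    for line in colons.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        # Field 12 holds the capabilities. Lowercase letters belong to this
        # key itself; uppercase letters on a pub record summarise the whole
        # key (primary plus subkeys), so they are ignored here.
        own = {c for c in f[11] if c in "esca"}
        if f[0] == "pub":
            primary_caps = own
        elif f[1] not in ("r", "e", "i", "d"):
            # Field 2 is validity: skip revoked, expired, invalid, disabled.
            live_subs.append((f[4], own))
    if "e" in primary_caps:
        findings.append("primary key can encrypt: giving up the decryption "
                        "key would mean giving up the main key")
    if not any("e" in caps for _, caps in live_subs):
        findings.append("no usable encryption subkey")
    return {"primary": primary_caps, "subkeys": live_subs, "findings": findings}


if __name__ == "__main__":
    for name, data in (("SAMPLE", SAMPLE), ("ALL_IN_ONE", ALL_IN_ONE)):
        print(name, audit(data))
```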



