using various subkeys

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Tue Aug 20 16:36:01 2002 

--=-2RZL6qjtlQRPmswKTFWI
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Yo!

In a recent thread I picked up the idea of using multiple subkeys
instead of entirely different key pairs. I just want to be sure I
understand all implications of what I want to do - no need to get my
keys killed...

Basically I have a computer at home, regarded secure, and computers that
are less secure. Primary concern is signing, I rarely use encryption. I
want to use the same key everywhere without letting somebody compromise
my primary key.

So I
 - generate a key with the default settings (DSA/ElG)
 - add a second subkey (DSA)
 - --export-secret-subkeys
 - import this into a new keyring and delete the encryption subkey.
   (the primary secret key contains no cryptographical data, right?)
 - transfer this keyring onto the not-so-secure machine and use it just
   as I would a normal key. gpg automatically selects the signing subkey
   to sign, as it cannot use the primary one.

Wishlist items:=20
 - it would be nice if --export-secret-subkeys would accept the
   <subkey-id>! syntax and only export a stripped secret key with that
   subkey.=20
 - It should be made really clear that the primary of such a key is a
   dummy and does not contain the secret key (--list-secret-keys
   output etc.).

Possible issues - I hope I understand this correctly:
 - Keyservers will not work with my new key. (Except LDAP)
 - PGP users can verify such signatures from version ???
 - gpg users can verify such signatures from version ???
 - There is no way to tie a subkey to a userid (if I were to
   use encryption subkeys, this would be a hint 'if you mail me
   at this address, use that subkey).
 - if the subkey is compromised, the attacker can sign documents with=20
   it (of course).
 - if the subkey is compromised, the attacker can sign other keys with
   it (I believe. Or can a key only be signed with the primary?)
 - If I were to import a dummy-primary key into my master keyring, gpg
   merges the keys just right.
 - all this does not affect the management of the user ids in any way.
 - when the primary secret key is available, gpg will by default use
   it and not the additional signing subkey.

Comments? I think I will document this setup with its pros and cons
compared with just using multiple keypairs. Once I am sure that I want
to implement it, that is.

cheers
-- vbi

--=20
secure email with gpg                         http://fortytwo.ch/gpg

--=-2RZL6qjtlQRPmswKTFWI
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA9YlQgwj49sl5Lcx8RAoC6AKCMT3UDzKvPw2DNQ1UeimmTJDm/CQCeLW2u
UbCEzcXD+xQpssn3sPKLulk=
=HeDF
-----END PGP SIGNATURE-----

--=-2RZL6qjtlQRPmswKTFWI--