implications of subkeys?

Steve Butler sbutler@fchn.com
Wed Feb 27 16:57:01 2002


Has anybody written a tutorial on this?  

I think I finally figured out the Public/Private key <<grin>> but when
Master and Subkeys are added, then I'm lost.

Frank put up this nice starting point:
Primary Key
  -> uid1
    -> you sign
    -> bob signs
    -> alice signs
  -> uid2
    -> you sign
    -> charlie signs
  -> subkey1
    -> you sign
  -> subkey2
    -> you sign

But I still have a lot of questions.  May I presume that the signing key is
the Master Private Key?  Are the private subkeys signed or is it just the
public subkeys?  Did that question make any sense?

How then do signing subkeys enter the picture?

Perhaps if one of the professors would sigh, groan, and pull out the
chalkboard - oops, showing my age - pull out the whiteboard and walk us
through a couple of examples we might catch on to the possibilities here.

--Steve
Oracle DBA
First Choice Health Network

 -----Original Message-----
From: 	Nick Andriash [mailto:andriash@telus.net] 
Sent:	Wednesday, February 27, 2002 7:27 AM
To:	GnuPG Users
Subject:	Re: implications of subkeys?

Hello Alex,

On Wednesday, February 27 2002 at 05:25 AM PDT, you wrote:

> Others can't sign a subkey (or a primary key)- they sign the UIDs which are
> attached to a primary key.

Alex, Frank and Dizss... That sounds simple enough, and thank you. I
think another aspect which is confusing to me is the term "Master
Signing Key", and then "signing subkey", which is, as I understand it,
something PGP doesn't offer. So, in an attempt to understand this,
myself and other people sign my UID(s), while my (owner) signature is
also attached to any subkey, be it signing or encryption, correct?

What is the purpose behind a signing subkey, and how does it differ from
the Master (Private) Key which I presume is also used for signing... or
are they one and the same? Can one change a signing subkey without it
affecting the Master Key? Can others still verify your signature even if
you change your signing subkey without having to issue a new Public Key?


-- 
Nick Andriash
Courtenay, B.C. Canada


