implications of subkeys?

JanuszA.Urbanowicz JanuszA.Urbanowicz
Wed Feb 27 17:44:01 2002 

Nick Andriash wrote/napisa=B3[a]/schrieb:
> Hello Alex,
>=20
> On Wednesday, February 27 2002 at 05:25 AM PDT, you wrote:
>=20
> > Others can't sign a subkey (or a primary key)- they sign  the UIDs whic=
h are
> > atatched to a primary key.
>=20
> Alex, Frank and Dizss... That sounds simple enough, and thank you. I
> think another aspect which is confusing to me is the term "Master
> Signing Key", and then "signing subkey", which is, as I understand it,
> something PGP doesn't offer. So, in an attempt to understand this,
> myself and other people sign my UID(s), while my (owner) signature is
> also attached to any subkey, be it signing or encryption, correct?

It goes like this: a *default* OpenPGP _public_ key consists of two keys
actually:

- Primary public key (signing key for Digital Signature Algorithm/Standard)
- - one encrypting subkey/secondary public key (encryption key for a varian=
t of
    Diffie-Hellman/ElGamal algorithm).

This public subkey is bound to the primary key by signature made by a secret
key correpsonding with the primary (DSS) key.

You may add any number of subkeys which may be either signing subkeys or
encrypting keys.=20

Please note that the term 'signing [sub]key' when talking about public key =
is
a simplification/jargon. Those are actually public keys for _verification of
signatures_, not for making them.

> What is the purpose behind a signing subkey, and how does it differ from
> the Master (Private) Key which I presume is also used for signing... or
> are they one in the same?

You mix two things: every key in public key cryptography has two parts -
private (also called secret) and public. This applies to all keys. Thus
getting back to the example, the public key I described above has a secret
counterpart which consist of private DSA key (the real signing one) and a
private decryption subkey - a counterpart of the encryption public subkey.

The point is that the subkeys are a feature of the protocol, the theory of
crypto does not imply them.

The signing subkey you may enter into the picture also will have a public
part that goes into the 'OpenPGP public key' (as used by the application)
and a secret one that goes into secring.

> Can one change a signing subkey without it affecting the Master Key?

Definitely yes. That's actually the point of the subkeys - you may revoke
them without losing all things associated with master key.

> Can others still verify your signature even if you change your signing
> subkey without having to issue a new Public Key?

Yes and no. When you create a signing subkey, you shoud reexport ypur public
key and send it to your correspondents so they will know that the  key
0xDEADBEEF is your signing subkey, but this won't make you lose your
previous keys - you may use them all at will. Selection of key to use when
encrypting to you is done by the encrypting software based on supported
algorithms.

But remember, your primary key ID is the keyid of your primary signing key.
You choose this when encryptiong and the software does the rest.

Alex
--=20
C _-=3D-_ H| Janusz A. Urbanowicz | ALEX3-RIPE | SF-F Framling |         | =
  *  =09
 ; (_O : +-------------------------------------------------------------+ --=
+~|=09
 ! &~) ? | P=B3yn=B1=E6 chc=EA na Wsch=F3d, za Suez, gdzie jest dobrem ka=
=BFde z=B3o | l_|/=09
A ~-=3D-~ O| Gdzie przykaza=F1 brak dziesi=EAciu, a pi=E6 mo=BFna a=BF po d=
no;     |   |  =20