implications of subkeys?

Steve Butler sbutler@fchn.com
Thu Feb 28 23:58:01 2002


After thinking this over and using gpg to generate some keys today I have a
slightly better understanding:
  * generated a 1024 bit sign only DSA master key pair
  * added a 2048 bit encrypt only ELG sub key pair
  * added a 1024 bit encrypt only ELG sub key pair
  * added two 1024 bit sign only DSA sub key pairs

I suppose I could have used two ELG keys with sign/encrypt capability
instead of the four sub keys.

Now, I take it that the 3rd party must know the exact key ID I wish them to
use.  If somebody sends files both to me at home (pleasure) and at work
(business) then they must know enough to specify a different key ID.  If I
remember the discussion from earlier in the week, the email/user ID is not
attached to a specific sub key.

And I take it that for signing I have to specify the particular key ID on
the --local-user option rather than just allowing it to sign with the
default (which would probably be the master key).

However, to verify my signature the recipient need only to have my public
key with all of the sub-keys.  The software will know which key ID was used
to sign and will automatically use the correct public sub-key.  Likewise,
when I receive an encrypted file the software will know which public sub-key
they used to encrypt the data and will use the corresponding private
sub-key.  All private keys (master and sub-keys) are protected with the same
pass phrase.

Or have I fallen off the deep end again?

Stephen M Butler
Oracle Administrator
First Choice Health Network
Seattle, WA

sbutler@fchn.com
206-268-2309
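An added example, not part of this mailing-list post: a small Python parser for the machine-readable `gpg --with-colons --list-keys` output, run over a constructed listing that mirrors the key set described above (sign-only DSA primary, two encrypt-only ELG subkeys, two sign-only DSA subkeys). It shows that user IDs hang off the primary key, not off any subkey, and which key IDs carry the encrypt or sign capability; the key IDs are made up, and the `keyid!` suffix mentioned in the comments is GnuPG's own syntax for forcing a particular (sub)key.

```python
# Constructed `gpg --with-colons --list-keys` listing mirroring the key set
# described in the post: a sign-only DSA primary (algo 17), two encrypt-only
# ElGamal subkeys (algo 16) and two sign-only DSA subkeys.  Key IDs are made
# up.  Field 12 carries the capability flags (e = encrypt, s = sign, c = certify).
SAMPLE_LISTING = """\
pub:u:1024:17:0000000000000001:1014940000:::u:::scSCE::::::::
uid:u::::1014940000::0000000000000000000000000000000000000000::Stephen M Butler <sbutler@fchn.com>::::::::::0:
sub:u:2048:16:0000000000000002:1014940001::::::e::::::::
sub:u:1024:16:0000000000000003:1014940002::::::e::::::::
sub:u:1024:17:0000000000000004:1014940003::::::s::::::::
sub:u:1024:17:0000000000000005:1014940004::::::s::::::::
"""

ALGO = {1: "RSA", 16: "ELG-E", 17: "DSA"}


def parse_listing(text):
    """Return the primary keys in `text`, each with its user IDs and subkeys.
    A uid: record always hangs off the preceding pub: record, never off a
    sub: record, so an e-mail address alone cannot name a subkey."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Lowercase flags are the primary key's own capabilities;
            # uppercase ones summarise the whole key including subkeys.
            keys.append({"keyid": f[4], "bits": int(f[2]),
                         "algo": ALGO.get(int(f[3]), f[3]),
                         "caps": "".join(c for c in f[11] if c.islower()),
                         "uids": [], "subs": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
        elif f[0] == "sub" and keys:
            keys[-1]["subs"].append({"keyid": f[4], "bits": int(f[2]),
                                     "algo": ALGO.get(int(f[3]), f[3]),
                                     "caps": f[11]})
    return keys


def keys_with_capability(keys, cap):
    """Key IDs (primary first, then its subkeys) carrying capability `cap`.
    To make gpg use one of them instead of its default choice, append '!'
    to the ID, e.g. --local-user 0000000000000004! or -r 0000000000000003!"""
    found = []
    for k in keys:
        if cap in k["caps"]:
            found.append(k["keyid"])
        found.extend(s["keyid"] for s in k["subs"] if cap in s["caps"])
    return found
```

Feed it real output from `gpg --with-colons --list-keys` to see the same breakdown for an actual keyring.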
