implications of subkeys?

David Shaw
Fri Mar 1 00:59:01 2002

On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote:
> After thinking this over and using gpg to generate some keys today I have a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pairs
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

Yes, but then you would have had two "keys" in the keyservers and on
people's keyrings.

> Now, I take it that the 3rd party must know the exact key ID I wish them to
> use.  If somebody sends files both to me at home (pleasure) and at work
> (business) then they must know enough to specify a different key ID.  If I
> remember the discussion from earlier in the week the email/user ID is not
> attached to a specific sub key.

Correct.  If they do not specify a particular key to encrypt to, GnuPG
will make a reasonable guess for which subkey to use (it uses the one
with the most recent signature, which generally means the most
recently created key).

Generally this is not an issue since people usually don't have very
many active encrypting subkeys at the same time.  Usually there is
only one, and a new one is added some time before the first expires.
Once the new one is widely distributed the old one is revoked or
allowed to expire.

If you intend to use different keys for home and work, that
particular case sounds like it would be more convenient to use two
different full keys.

> And I take it that for signing I have to specify the particular key ID on
> the --local-user option rather than just allowing it to sign with the
> default (which would probably be the master key).

Mostly correct.  GnuPG is biased internally towards subkeys.  If you
don't specify otherwise, it will use a subkey over the master key if
possible.  To specify a particular key, you can use --local-user and
append an exclamation mark to the key id.  This means "Don't try and
figure out which subkey to use.  Give me this exact key id."

> However, to verify my signature the recipient need only to have my public
> key with all of the sub-keys.  The software will know which key ID was used
> to sign and will automatically use the correct public sub-key.  Likewise,
> when I receive an encrypted file the software will know which public sub-key
> they used to encrypt the data and will use the corresponding private
> sub-key.  All private keys (master and sub-keys) are protected with the same
> pass phrase.

All correct.  It would be sort of interesting to be able to have
different passphrases for different subkeys, and there is nothing in
the standard that prevents it, but GnuPG doesn't do it now.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
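
The selection rules described in the reply above, as a simplified model added here (not GnuPG's code and not part of the original message). The key IDs and timestamps are constructed, and two behaviours are assumptions: that the most recently signed subkey is also preferred among signing subkeys, and that revoked or expired keys are skipped.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Key:
    keyid: str                     # constructed key ID, not a real one
    usage: str                     # "sign" or "encrypt"
    is_master: bool
    sig_time: int                  # time of newest self/binding signature
    expires: Optional[int] = None
    revoked: bool = False

    def usable(self, now: int) -> bool:
        return not self.revoked and (self.expires is None or self.expires > now)

# Constructed keyring with the layout from the quoted message:
# DSA sign-only master, two ELG encrypt subkeys, two DSA sign subkeys.
KEYRING = [
    Key("AAAA0001", "sign", True, 1000),
    Key("BBBB0002", "encrypt", False, 1100),   # 2048-bit ELG
    Key("CCCC0003", "encrypt", False, 1200),   # 1024-bit ELG
    Key("DDDD0004", "sign", False, 1300),
    Key("EEEE0005", "sign", False, 1400),
]

def select_key(keyring, spec: str, usage: str, now: int) -> Key:
    """Resolve a key spec the way the message describes.

    A trailing '!' means "give me this exact key id"; otherwise any ID on
    the key selects the whole key and a subkey is chosen automatically.
    """
    exact = spec.endswith("!")
    keyid = spec.rstrip("!")
    named = next((k for k in keyring if k.keyid == keyid), None)
    if named is None:
        raise KeyError(f"no such key: {keyid}")
    if exact:
        if named.usage != usage or not named.usable(now):
            raise ValueError(f"{keyid} cannot be used to {usage}")
        return named
    candidates = [k for k in keyring if k.usage == usage and k.usable(now)]
    # Bias towards subkeys: fall back to the master only if no subkey fits.
    pool = [k for k in candidates if not k.is_master] or candidates
    if not pool:
        raise ValueError(f"no usable key to {usage}")
    # Most recent signature wins (assumed to apply to signing subkeys too).
    return max(pool, key=lambda k: k.sig_time)
```

With this keyring, a sender who names only the master key ID encrypts to the newer 1024-bit ELG subkey rather than the 2048-bit one, which is why the home/work split needs either an explicit `!` or two separate keys.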