implications of subkeys?
Fri Mar 1 08:05:01 2002

Hash: RIPEMD160

Steve Butler wrote:
> After thinking this over and using gpg to generate some keys today I have a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pair
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

ELG sign/encrypt keys is not supported by PGP (except 658ckt06)

> Now, I take it that the 3rd party must know the exact key ID I wish them to
> use.  If somebody sends files both to me at home (pleasure) and at work
> (business) then they must know enough to specify different key ID.  If I
> remember the discussion from earlier in the week the email/user ID is not
> attached to a specific sub key.

unlike GPG, PGP does not allow to select to which subkey to encrypt,
PGP always encrypts to newest one.

> And I take it that for signing I have to specify the particular key ID on
> the --local-user option rather than just allowing it to sign with the
> default (which would probably be the master key).

I'm not sure, but I think GPG will sign with subkey by default if there is one.

> However, to verify my signature the recipient need only to have my public
> key with all of the sub-keys.

it's enough with signing subkeys.
but again PGP cannot verify signatures made with subkeys
(except 658ckt07 and maybe 7.x(but I'm not sure about it))

>  The software will know which key ID was used
> to sign and will automatically use the correct public sub-key.


>  Likewise,
> when I receive an encrypted file the software will know which public sub-key
> they used to encrypt the data and will use the corresponding private
> sub-key.


>  All private keys (master and sub-keys) are protected with the same
> pass phrase.

yes. normally.

different passprase can also be set (at least with 658ckt06),
I think it's wery cool furture :)

GPG also can use different passprase for key and subke(s),
but it's difficult to set different passprases with GPG,
for example, if you have 2 subkeys, you have to:

export to file0
delete subkey 2
set passphrase 1
export to file1
delete key
import from file0
delete subkey 1
set passphrase 2
export to file2
delete subkey 2
set passphrase 0
import from file1
import from file2
wipe file0, file1, file2

now the key will be protected with passprase 0, subkeys with passprases 1 and 2 :)

Disastry <----PGP plugins for Netscape and MDaemon
 ^----PGP 2.6.3ia-multi05 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
      AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1