implications of subkeys?

Steve Butler sbutler@fchn.com
Fri Mar 1 16:36:01 2002


I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG
encrypt sub-keys and the 2 DSA sign sub keys.  However, there was some note
about the ELG sign/encrypt being depreciated.  I'm not sure what that really
means in this case but the dictionary definition implied this was a bad
thing!

The more comments I read, the closer I come to believing the best bet is a
key set for work and a totally separate key set for home.  Or more
precisely, a personal set and a business set.

Now, it does appear to me that the default mechanism GPG uses to build the
keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend
itself to keeping the DSA around as long as possible while putting a life on
the ELG sub-keys.  

However, if the authorities came and asked for my decrypting key, I'm not
sure I'd know how to pull only the ELG sub key (private piece) out to give
to them without also letting them have the DSA private key.

--Steve

PS  Thanks to everybody who has chipped in on this discussion as it sure
has increased my understanding of the black box.



-----Original Message-----
From: David Shaw [mailto:dshaw@jabberwocky.com]
Sent: Thursday, February 28, 2002 3:57 PM
To: GnuPG Users
Subject: Re: implications of subkeys?


On Thu, Feb 28, 2002 at 02:55:26PM -0800, Steve Butler wrote:
> After thinking this over and using gpg to generate some keys today I have a
> slightly better understanding:
>   * generated a 1024 bit sign only DSA master key pair
>   * added a 2048 bit encrypt only ELG sub key pair
>   * added a 1024 bit encrypt only ELG sub key pair
>   * added 2 1024 bit sign only DSA sub key pair
> 
> I suppose I could have used two ELG keys with sign/encrypt capability
> instead of the four sub keys.

Yes, but then you would have had two "keys" in the keyservers and on
people's keyrings.
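
On the question above of pulling out only the ELG subkey's private part: GnuPG's `--export-secret-subkeys` writes the secret subkeys and leaves the primary key as a stub. The following is an added example, not part of the original thread, that audits a `gpg --with-colons --list-secret-keys` listing of such an export to confirm what secret material it really holds. The listing is constructed (key IDs and dates are made up) and the function names are hypothetical.

```python
# Added example: check which secret parts a keyring holds, from the
# colon-delimited listing format documented in GnuPG's doc/DETAILS.
ALGO = {1: "RSA", 16: "ELG-E (encrypt only)", 17: "DSA",
        20: "ELG (sign+encrypt)"}

# Constructed listing of a scratch keyring after importing an
# --export-secret-subkeys export. Field 15 is '#' when the secret part is
# only a stub; field 12 holds capabilities (lowercase = this key's own).
SAMPLE = """\
sec:u:1024:17:1111111111111111:1014854161:::u:::scESC:::#:::
uid:u::::1014854161::0000::Example User <user@example.org>:
ssb:u:2048:16:2222222222222222:1014854200::::::e:::+:::
ssb:u:1024:16:3333333333333333:1014854300::::::e:::+:::
ssb:u:1024:17:4444444444444444:1014854400::::::s:::+:::
"""

def parse_secret_listing(text):
    """Return one dict per sec/ssb record in a --with-colons listing."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        keys.append({
            "primary": f[0] == "sec",
            "bits": int(f[2]),
            "algo": ALGO.get(int(f[3]), "algo " + f[3]),
            "keyid": f[4],
            # uppercase letters summarise the whole key, so drop them
            "caps": {c for c in f[11] if c.islower()},
            "secret_present": f[14] != "#",
        })
    return keys

def decryption_subkeys(keys):
    """Subkeys whose secret part is present and can decrypt."""
    return [k["keyid"] for k in keys
            if not k["primary"] and k["secret_present"] and "e" in k["caps"]]

def disclosed_signing_keys(keys):
    """Any key whose secret part is present and can sign or certify."""
    return [k["keyid"] for k in keys
            if k["secret_present"] and k["caps"] & {"s", "c"}]

if __name__ == "__main__":
    ks = parse_secret_listing(SAMPLE)
    print("decrypt-capable secrets:", decryption_subkeys(ks))
    print("signing secrets present:", disclosed_signing_keys(ks))
```

In this sample the DSA primary is a stub, but the DSA signing subkey's secret is still in the export, because `--export-secret-subkeys` with only the primary key ID includes every subkey. In current GnuPG, naming one subkey ID with a trailing `!` limits the export to that subkey.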

