implications of subkeys?

David Shaw
Fri Mar 1 17:04:02 2002

On Fri, Mar 01, 2002 at 07:32:29AM -0800, Steve Butler wrote:
> I was really thinking of 2 ELG sign/encrypt sub-keys instead of the 2 ELG
> encrypt sub-keys and the 2 DSA sign sub keys.  However, there was some note
> about the ELG sign/encrypt being depreciated.  I'm not sure what that really
> means in this case but the dictionary definition implied this was a bad
> thing!

In this particular case, it means "Don't use these." :) ElGamal
signatures are somewhat controversial.

> Now, it does appear to me that the default mechanism GPG uses to build the
> keys (a DSA sign pair and an ELG encrypt pair as a sub-key) really does lend
> itself to keeping the DSA around as long as possible while putting a life on
> the ELG sub-keys.  

Yes.  That's a good thing, as the DSA primary (plus your user ID) is
what ties you into the web of trust.  You'd want that key to stay
around for a long time, if not forever.

> However, if the authorities came and asked for my decrypting key, I'm not
> sure I'd know how to pull only the ELG sub key (private piece) out to give
> to them without also letting them have the DSA private key.

You can do it with "gpg --export-secret-subkeys".

However, that allows the authorities to decrypt everything sent to
that key (which is a reason right there to change your encryption key
every now and then).  You can reveal the session key for a single
message with --show-session-key.

Seriously, though - if that happens, call a lawyer before you do
anything, and then call the EFF.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson