Why subkeys?

Brian M. Carlson bmc@crustytoothpaste.ath.cx
Fri Oct 11 11:54:25 2002

On Thu, Oct 10, 2002 at 03:20:37PM -0700, Doug Gorley wrote:
> After watching this list for a week or so now, I'm curious about the use
> of subkeys with GnuPG.  I don't have any subkeys, or at least I haven't
> explicitly created any.  What is to be gained by subkeys on a key ring?
> What is the relationship between subkeys and the "master" key?  Any
> insight here would be greatly appreciated.

Subkeys are keys that are attached to a primary key. Your key, A221559B,
has a subkey.

pub  1024D/A221559B 2001-12-09 Doug Gorley <douggorley@shaw.ca>
sub  1024g/FE0E7CFB 2001-12-09

If you look at the line "pub", it lists the public primary key. This key
is a DSA key (note the "D"). DSA keys can only sign, because DSA is only
capable of signing. If you look at the line "sub", you see the public
subkey. Subkeys can be capable of signing, or encryption, or both,
depending on their algorithms. This particular subkey is an Elgamal
encrypt-only (note the small g). If it were a capital G, it would be
capable of signing too (I know, I know, I just had to get it in there).

Subkeys can be revoked independently of each other and independently of
the primary key. They can also be set to expire after a certain time.
Some keyservers (notably pksd < 0.9.6) tend to butcher keys with
multiple subkeys.

You're fine. Your key does what it needs to, I'm sure, and there's
probably no need to change it.

Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
Lo!  Men have become the tool of their tools.
		-- Henry David Thoreau

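Added example, not part of the original message: a small Python parser for the "pub"/"sub" listing lines quoted above. It maps the algorithm letters the reply explains (D, g, G) to capabilities and shows that encryption on this key comes only from the subkey. The function names and the letter table are this example's own, not GnuPG code; any other letter is reported as unknown.

```python
import re

# Algorithm letters exactly as explained in the message above.
ALGO_LETTERS = {
    "D": ("DSA", {"sign"}),
    "g": ("Elgamal encrypt-only", {"encrypt"}),
    "G": ("Elgamal sign+encrypt", {"sign", "encrypt"}),
}

# Matches lines such as "pub  1024D/A221559B 2001-12-09 Name <addr>".
LINE_RE = re.compile(
    r"^(?P<kind>pub|sub)\s+(?P<bits>\d+)(?P<algo>[A-Za-z])/"
    r"(?P<keyid>[0-9A-Fa-f]{8})\s+(?P<created>\d{4}-\d{2}-\d{2})"
    r"(?:\s+(?P<uid>.+))?$"
)

def parse_listing(text):
    """Return primary keys, each with the subkeys listed beneath it."""
    keys = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a pub/sub line
        name, caps = ALGO_LETTERS.get(m["algo"], ("unknown", set()))
        entry = {"keyid": m["keyid"].upper(), "bits": int(m["bits"]),
                 "algo": name, "caps": set(caps), "created": m["created"]}
        if m["kind"] == "pub":
            entry["uid"] = m["uid"]
            entry["subkeys"] = []
            keys.append(entry)
        elif keys:  # a "sub" line belongs to the most recent "pub" line
            keys[-1]["subkeys"].append(entry)
    return keys

def combined_capabilities(key):
    """Capabilities of the primary key plus all of its subkeys."""
    caps = set(key["caps"])
    for sub in key["subkeys"]:
        caps |= sub["caps"]
    return caps

# The listing quoted in the message above.
SAMPLE = """pub  1024D/A221559B 2001-12-09 Doug Gorley <douggorley@shaw.ca>
sub  1024g/FE0E7CFB 2001-12-09"""

if __name__ == "__main__":
    for key in parse_listing(SAMPLE):
        print(key["keyid"], key["algo"], sorted(key["caps"]))
        for sub in key["subkeys"]:
            print("  sub", sub["keyid"], sub["algo"], sorted(sub["caps"]))
        print("  usable for:", sorted(combined_capabilities(key)))
```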