Why subkeys?

Brian M. Carlson bmc@crustytoothpaste.ath.cx
Fri Oct 11 11:54:25 2002


--E/DnYTRukya0zdZ1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 10, 2002 at 03:20:37PM -0700, Doug Gorley wrote:
> After watching this list for a weekor so now, I'm curious about the use
> of subkeys with GnuPG.  I don't have any subkeys, or at least I haven't
> explicitly created any.  What is to be gained by subkeys on a key ring?=
=20
> What is the relationship between subkeys and the "master" key?  Any
> insight here would be greatly appreciated.

Subkeys are keys that are attached to a primary key. Your key, A221559B,
has a subkey.

pub  1024D/A221559B 2001-12-09 Doug Gorley <douggorley@shaw.ca>
sub  1024g/FE0E7CFB 2001-12-09

If you look at the line "pub", it lists the public primary key. This key
is a DSA key (note the "D"). DSA keys can only sign, because DSA is only
capable of signing. If you look at the line "sub", you see the public
subkey. Subkeys can be capable of signing, or encryption, or both,
depending on their algorithms. This particular subkey is an Elgamal
encrypt-only (note the small g). If it were a capital G, it would be
capable of signing too (I know, I know, I just had to get it in there).

Subkeys can be revoked independently of each other and independently of
the primary key. They can also be set to expire after a certain time.
Some keyservers (notably pksd < 0.9.6) tend to butcher keys with
multiple subkeys.

You're fine. Your key does what it needs to, I'm sure, and there's
probably no need to change it.


--=20
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
E7
Lo!  Men have become the tool of their tools.
		-- Henry David Thoreau

--E/DnYTRukya0zdZ1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQFKBAEBAwA0BQI9pjILLRpodHRwOi8vZGVjb3kud294Lm9yZy9+Ym1jL29wZW5w
Z3AvcG9saWN5LnRleAAKCRDlkf/JVgVT59LOB/0TXoMZeNbdvy6N+yOmwexEcX+T
PyhT1SMf7wwdMuilu1lBTZ8jb8yn+2hpCgZdXNjyzRwsnQC3TBSuHyI28CBfUPRi
PN7nfSwfioroXSdU5f/uzMPXgA0ug58votusJUpmCorZbQeW7piTaWd2vtUcGzag
oxjMgvdmx90gO/MOF3jV2s4DomLtI2Pf/t0wYsWZ6Dr6VODy8zPwGla711BHZcq/
017lse2bfCDcazMRcpzXadN+Fj7jSMru+a1bDVwGnXlOphKEOjqBdpWru5PHt4lQ
3hCkFx2nCqrryd1kcgaxEKS+piXXpvfPpxbtayZllDtGUlw7EyBjglfK4ibd
=aDKF
-----END PGP SIGNATURE-----
Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex

--E/DnYTRukya0zdZ1--