Brian M. Carlson
Fri Oct 11 11:54:25 2002
Content-Type: text/plain; charset=us-ascii
On Thu, Oct 10, 2002 at 03:20:37PM -0700, Doug Gorley wrote:
> After watching this list for a weekor so now, I'm curious about the use
> of subkeys with GnuPG. I don't have any subkeys, or at least I haven't
> explicitly created any. What is to be gained by subkeys on a key ring?=
> What is the relationship between subkeys and the "master" key? Any
> insight here would be greatly appreciated.
Subkeys are keys that are attached to a primary key. Your key, A221559B,
has a subkey.
pub 1024D/A221559B 2001-12-09 Doug Gorley <firstname.lastname@example.org>
sub 1024g/FE0E7CFB 2001-12-09
If you look at the line "pub", it lists the public primary key. This key
is a DSA key (note the "D"). DSA keys can only sign, because DSA is only
capable of signing. If you look at the line "sub", you see the public
subkey. Subkeys can be capable of signing, or encryption, or both,
depending on their algorithms. This particular subkey is an Elgamal
encrypt-only (note the small g). If it were a capital G, it would be
capable of signing too (I know, I know, I just had to get it in there).
Subkeys can be revoked independently of each other and independently of
the primary key. They can also be set to expire after a certain time.
Some keyservers (notably pksd < 0.9.6) tend to butcher keys with
You're fine. Your key does what it needs to, I'm sure, and there's
probably no need to change it.
Brian M. Carlson <email@example.com> <http://decoy.wox.org/~bmc> 0x560553=
Lo! Men have become the tool of their tools.
-- Henry David Thoreau
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Ubi libertas, ibi patria.
-----END PGP SIGNATURE-----
Signature policy: http://decoy.wox.org/~bmc/openpgp/policy.tex