Questions about subkeys acrobatics (from Adrian von Bidder article)

Boix Ricart Marc mricart at
Thu Nov 13 14:08:05 CET 2003

Hi all,

I've read an article wrote by Adrian von Bidder 
(from )
I don't understand a concrete idea concerning encryption subkeys.

Adrian wrote:
First, distributing secret subkeys this way (one subkey for each 
account/machine you use) only makes sense with signing subkeys. You can 
have multiple encryption subkeys, but you can't force people sending you 
encrypted mail using a specific subkey. Naturally, if you're using 
encryption for yourself, you can chose the encryption key to use with the 
"keyid!" syntax. The presence of multiple encryption subkeys is, however, 
useful if you revoke an older one to replace it with a new one.

If I've understood the manoeuvre, you encrypt and sign from an insecure 
machine (signing with a subkey available only in this machine)  and the 
receptor can decrypt your signature (with the subkey pair available in your 
public key file).

So, why not encrypt with all encryption subkeys (signed with the primary 
key) available in the public key?? (like encrypt a message addressed to 
several GPG users, each with a personal public key)
Is GPG not implemented to encrypt a message with all the subkeys for 
encryption available in an imported public key??
Is not interesting to have this feature?? why??

Thanks for you feed-back,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/attachments/20031113/f63ce46c/attachment.htm

More information about the Gnupg-users mailing list