The parts of a key?
linux at codehelp.co.uk
Thu Dec 9 00:26:07 CET 2004
On Wednesday 08 December 2004 10:12 pm, Chris De Young wrote:
> Could someone point me to documentation describing the architecture of a
> key pair, and what gets used for what? Specifically, the role of sub-keys.
The subkey below is the encryption key. The public key is a signature key.
When someone encrypts to you, the encryption key is chosen.
When you sign a file, the signature key is chosen.
Different algorithms have different strengths.
This is different to the 'key-pair' - a term usually meaning the public key
and the secret key.
You have a public key containing a signature subkey and an encryption subkey.
You have a secret key containing the corresponding secret subkeys.
> I have:
> $ gpg --list-keys chd
> pub 1024D/379E6244 2001-09-28 Chris De Young <chd at chud.net>
> uid Chris De Young <chd at arizona.edu>
> uid Chris De Young <chd at scarrittgroup.com>
> sub 2048g/E0BEF64A 2001-09-28
> Someone sent me a message encrypted with E0BEF64A instead of 379E6244, and
> I realize that I don't fully understand the differences and functions of
> these key parts...
A default key generation gives a strong signature key and a strong encryption
key, but the keys themselves use different algorithms - playing to the
respective strengths. Anyone encrypting to you using 379E6244 will always
actually encrypt to E0BEF64A. It makes no odds, E0BEF64A is the encryption
part of 379E6244 and your secret key for 379E6244 can decrypt the message.
You can add subkeys for other purposes - like a short expiry, preference for
an algorithm, as well as adding UID's. Many keys are just like yours - one
pub and just one sub.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041208/4d430bd0/attachment-0001.bin
More information about the Gnupg-users