The parts of a key?

Neil Williams linux at
Thu Dec 9 00:26:07 CET 2004

On Wednesday 08 December 2004 10:12 pm, Chris De Young wrote:
> Could someone point me to documentation describing the architecture of a
> key pair, and what gets used for what?  Specifically, the role of sub-keys.

The subkey below is the encryption key. The public key is a signature key. 
When someone encrypts to you, the encryption key is chosen.
When you sign a file, the signature key is chosen.

Different algorithms have different strengths.

This is different to the 'key-pair' - a term usually meaning the public key 
and the secret key.

You have a public key containing a signature subkey and an encryption subkey.
You have a secret key containing the corresponding secret subkeys.

> I have:
> $ gpg --list-keys chd
> pub  1024D/379E6244 2001-09-28 Chris De Young <chd at>
> uid                            Chris De Young <chd at>
> uid                            Chris De Young <chd at>
> sub  2048g/E0BEF64A 2001-09-28
> Someone sent me a message encrypted with E0BEF64A instead of 379E6244, and
> I realize that I don't fully understand the differences and functions of
> these key parts...

A default key generation gives a strong signature key and a strong encryption 
key, but the keys themselves use different algorithms - playing to the 
respective strengths. Anyone encrypting to you using 379E6244 will always 
actually encrypt to E0BEF64A. It makes no odds, E0BEF64A is the encryption 
part of 379E6244 and your secret key for 379E6244 can decrypt the message.

You can add subkeys for other purposes - like a short expiry, preference for 
an algorithm, as well as adding UID's. Many keys are just like yours - one 
pub and just one sub.


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041208/4d430bd0/attachment-0001.bin

More information about the Gnupg-users mailing list