Clarification on purpose of subordinate keys

Werner Koch wk at gnupg.org
Tue Mar 29 11:15:56 CEST 2005


On Mon, 28 Mar 2005 09:27:27 -0500, John Harrold said:

> given the time frame it probably happened when I was trying to unexpire the
> key F65A739E. Can you elaborate on the reasons for using a separate key for
> signing messages?

It is mostly useful if you keep your primary key offline
(cf. --export-secret-subkeys).  In the case of a key compromise, you
would only need to revoke the existing subkeys and create new subkeys.
This saves you all the key signatures (Web Of Trust) as they are
signing the primary key only.


Shalom-Salam,

   Werner
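
The offline-primary setup described in the reply can be checked on the everyday machine; the following is an added example, not part of the original message or of GnuPG's own code. It parses `gpg --list-secret-keys --with-colons` output and warns when the primary secret key is present or no usable subkey remains. The field positions are taken from GnuPG's doc/DETAILS, and the sample listings and key IDs are constructed.

```python
# Added example. Parses `gpg --list-secret-keys --with-colons` output and
# reports whether the primary secret key is absent (offline) on this keyring.
# Field numbers follow GnuPG's doc/DETAILS: 1=record type, 2=validity,
# 5=key ID, 12=capabilities, 15='#' for a secret-key stub, '+' if present.

# Constructed sample: keyring imported from --export-secret-subkeys output.
# All key IDs are made up.
OFFLINE_PRIMARY = """\
sec:u:4096:1:1111111111111111:1104537600:::u:::scESC:::#:::
uid:u::::1104537600::::Example User <user@example.org>:
ssb:u:2048:1:2222222222222222:1104537600::::::s:::+:::
ssb:u:2048:1:3333333333333333:1104537600::::::e:::+:::
ssb:r:2048:1:4444444444444444:1104537600::::::s:::+:::
"""
# Constructed sample: full secret key, primary included, on the same machine.
ONLINE_PRIMARY = OFFLINE_PRIMARY.replace(":scESC:::#", ":scESC:::+")


def audit(colons):
    """Return one report dict per primary key found in the listing."""
    reports = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue
        # Anything other than '#' ('+' or a card serial number) means the
        # secret material for this key is usable from this keyring.
        entry = {"keyid": f[4], "caps": f[11], "revoked": f[1] == "r",
                 "secret_present": f[14] != "#"}
        if f[0] == "sec":
            reports.append({"primary": entry, "subkeys": [], "warnings": []})
        elif reports:
            reports[-1]["subkeys"].append(entry)
    for r in reports:
        if r["primary"]["secret_present"]:
            r["warnings"].append("primary secret key is on this keyring")
        live = [s for s in r["subkeys"]
                if not s["revoked"] and s["secret_present"]]
        if not any("s" in s["caps"] for s in live):
            r["warnings"].append("no usable signing subkey")
        if not any("e" in s["caps"] for s in live):
            r["warnings"].append("no usable encryption subkey")
    return reports


if __name__ == "__main__":
    for name, text in (("offline", OFFLINE_PRIMARY), ("online", ONLINE_PRIMARY)):
        for r in audit(text):
            print(name, r["primary"]["keyid"], r["warnings"] or "ok")
```
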



