Clarification on purpose of subordinate keys

Werner Koch wk at
Thu Mar 31 10:47:14 CEST 2005

On Wed, 30 Mar 2005 13:53:47 +0200, Dirk Traulsen said:

> This sounds interesting. Please help me to clarify it a bit.
> After some tests and reading in my understanding it works like this:



> When system2 would be cracked, an attacker would not have access to 
> the secret part of my main key (really?).

Correct.  The secret key is not on system2.  This is indicated by a
hash mark like:

  sec#  1024D/5B0358A2 1999-03-15 [expires: 2009-07-11]
  uid                  Werner Koch <wk at>
  uid                  Werner Koch <wk at>
  ssb   1024D/010A57ED 2004-03-21
  ssb   2048R/B604F148 2004-03-21
(A similar thing is with smartcards, there a '>' indicates that the
 secret key is actually stored on a smartcard).

> But for me it would still be possible to go to system1 and
> a.  change my passphrase
> b.  revoke the compromised subkeys
> c.  add new subkeys and start the cycle again 
> without loosing all the signatures on my uid in the primary key, what 
> would have been the case, if I had to revoke the complete key.


> The only negative point is, that I have to go to system1 to maintain 
> my key.

> Is this correct?




More information about the Gnupg-users mailing list