Info on sub keys?

Alphax alphasigmax at
Sat Jun 3 19:32:19 CEST 2006

Felix E. Klee wrote:
> I've a couple of newbee questions concerning sub keys:
> * Aside from convenience, is there any difference between a sub key and
>   an ordinary key signed with the master key?

A subkey cannot issue a certification signature - at least not in any
known implementations.

> * Can such an ordinary key be transformed into a sub key?

Yes, with difficulty. See
for details.

> * Since when (date and version) does PGP and since when does GnuPG
>   support signing sub keys?  I ask because I read that old versions, at
>   least of PGP, support only encryption sub keys, not signing sub keys.

PGP 8 supports signing subkeys; no other offical version of PGP before
then does. It's possible that 6.5.8ckt and 2.6.3ia supported them as well.

> * Are signing sub keys part of the OpenPGP standard?

Yes. They wouldn't be in GPG if they weren't.

> * One can include any number of sub keys into a key, right?  I ask
>   because I recall reading that there was/is some problem with key
>   servers and sub keys.

PKS keyservers (pre version  0.9.6) had a bug that mangled keys with
multiple subkeys. Fortunately they are mostly SKS and/or newer than this
now. However, most versions of PGP will ignore the key flags on an RSA
subkey, so you may end up getting messages encrypted to your signing

> If there is any good documentation on sub keys, aside from technical
> specifications (such as RFC 2440), then please let me know.

Adrian von Bidder wrote an excellent tutorial on subkeys at

        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060604/4c6ce178/signature.pgp

More information about the Gnupg-users mailing list