Why a subkey?

Robert J. Hansen rjh at sixdemonbag.org
Sat Feb 24 19:42:09 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> On FC4 with gpg 1.4.1:

Please upgrade.  There have been a couple of security updates since  
1.4.1.

> It says the key cannot be used for encryption, and a
> subkey must be generated. Why?

Why must an encryption subkey be generated?  Because you don't have
one.  If you mean "why doesn't GnuPG create an encryption subkey at
the same time it creates a signing subkey, the way it does for
DSS/ElGamal keypairs", for that one you'd have to ask the developers.
It's never made a lick of sense to me, myself.

> If so, why was (sign and encrypt) not offered as an option?

Having one key that can be used for both signing and encryption  
operations is thought by some to be bad crypto policy.  The problems  
with it appear to be mostly theoretical, though.

> I did this a year or two ago, and I do not remember
> needing a subkey.  I still have that keyring in
> under another user.

If your other key was DSS/ElGamal, that's because GnuPG created the  
additional subkey for you at the same time as your signing subkey.  :)




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

-----END PGP SIGNATURE-----
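
Added example, not part of the original message and not GnuPG code: a Python check that reads `gpg --list-keys --with-colons` output and reports whether a key has any usable encryption-capable key or subkey, which is the condition behind the error discussed above. It assumes the field layout described in GnuPG's doc/DETAILS (capabilities in field 12, validity in field 2); the key IDs, names and dates are constructed.

```python
# Added example (not from the original message). Field positions follow the
# --with-colons format in GnuPG's doc/DETAILS; the listings are constructed.

UNUSABLE = set("redin")  # validity: revoked, expired, disabled, invalid, not valid

def encryption_keys(listing):
    """Return [(record_type, keyid)] for every key that can encrypt."""
    usable = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        validity, keyid, caps = f[1], f[4], f[11]
        # Lowercase letters are this key's own capabilities; uppercase
        # letters on a pub line summarise the whole key, "D" = disabled.
        if "e" in caps and "D" not in caps and validity not in UNUSABLE:
            usable.append((f[0], keyid))
    return usable

def diagnose(listing):
    """Turn the capability check into a one-line verdict."""
    keys = encryption_keys(listing)
    if not keys:
        return "no usable encryption key: add an encryption subkey"
    return "can encrypt to: " + ", ".join(k for _, k in keys)

# Constructed sample: sign-only RSA primary key (algorithm 1), no subkey.
RSA_SIGN_ONLY = """\
pub:u:2048:1:1111111111111111:1172340000:::u:::scSC:
uid:u::::1172340000::::Alice Example <alice@example.org>:
"""

# Constructed sample: DSA primary (17) with an ElGamal (16) encryption subkey.
DSA_ELGAMAL = """\
pub:u:1024:17:2222222222222222:1140000000:::u:::scESC:
uid:u::::1140000000::::Bob Example <bob@example.org>:
sub:u:2048:16:3333333333333333:1140000000::::::e:
"""

# Constructed sample: the only encryption subkey has been revoked.
REVOKED_SUBKEY = DSA_ELGAMAL.replace("sub:u:", "sub:r:")

if __name__ == "__main__":
    for name in ("RSA_SIGN_ONLY", "DSA_ELGAMAL", "REVOKED_SUBKEY"):
        print(name, "->", diagnose(globals()[name]))
```

The uppercase "E" on the DSA primary key line only summarises the whole key; the capability itself belongs to the subkey, which is why the revoked-subkey case reports no usable encryption key.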


