decrypt : primary key or subkey ?

David SMITH dave.smith at
Thu Jun 7 16:00:49 CEST 2007

On Thu, Jun 07, 2007 at 12:31:19PM +0200, Bruno Costacurta wrote:
> Hello David,
> (note: I'm able to revoke this subkey (done but not sent to keyserver yet)).

Do you mean that you have already generated the revocation certificate
previously, or that you have just generated one now?

> The problem is that subkey comes alone and automatically when keypair is 
> generated (and related keyring created).
> During creation there is only one password required which is linked to the 
> primary key. My secret key and related password are OK.

You only have one passphrase to protect the primary key; this passphrase
automatically protects all of its subkeys.

(Actually, I think that the passphrase protects the keyring file rather
than the key, but ICBW).  The fact that you don't have a separate
passphrase for your subkey is normal and not a problem.

> Where in this process is the secret part (and related password) of subkey 
> specified ?

As I mentioned, you don't have a separate password.

Public and secret parts are always generated together; they cannot be
generated separately.

> How to specify correct attributes for subkey like encrypt & decrypt ?

Public parts are always used for encryption, and private parts are
always used for decryption.  There is an exception to this, where some
keys are used for signing, but I am ignoring this since you are talking
about keys generated for en/decryption.

There is no point in generating a key for encryption but not decryption -
they are always generated as a pair - public for encryption, and secret
for decryption.  If you think about it, any other scheme is nonsensical.
For example, encrypting with the secret key would mean that anyone could
decrypt the encrypted message (since the public key is, well, public).

The secret key can't be generated from the public key, for obvious

Somehow I think you've lost the secret part of the subkey.

David Smith        | Tel: +44 (0)1454 462380    Home: +44 (0)1454 616963
STMicroelectronics | Fax: +44 (0)1454 462305  Mobile: +44 (0)7932 642724
1000 Aztec West    | TINA: 065 2380          GPG Key: 0xF13192F2
Almondsbury        | Work Email: Dave.Smith at
BRISTOL, BS32 4SQ  | Home Email: David.Smith at

More information about the Gnupg-users mailing list