Confused about Sub keys.

Robert J. Hansen rjh at
Tue Jun 10 21:23:50 CEST 2008

Faramir wrote:
> Well, I made a mistake again... but the manual in that URL doesn't 
> show RSA keys... and when I executed the command gpg --gen-key I get
> the following options:

Typing something into GnuPG and learning what it does is great: it
teaches you that GnuPG tends to create different keypairs for encryption
and signing.  However, it doesn't teach you _why_, and it's dangerous to
generalize from just that small of an example.

Originally, PGP 2.6 used one keypair to do everything.  OpenPGP changed
it to two keypairs, one for signing and one for encrypting, for one and
only one reason:


Most technical standards committees have a lot of flerbage -- ideas that
have a lot of people backing them, although there's a great diversity of
opinion about why these ideas should be backed.

Some people thought separate keys gave increased resistance to
cryptanalysis.  Some people thought separate keys were cool.  Some
people thought it would be good for the future extensibility of OpenPGP.
 Some people thought it would be good to allow people to let a signing
subkey expire, while leaving the encryption subkey good for the
indefinite future.  Some people needed DSA, and since DSA is a sign-only
algorithm they needed a separate keypair for encryption.  Some people
said "well, PGP 5 does it this way and we need to be compatible."

Etc., etc.

The upshot is "a lot of people thought it was a good idea, even though
there was no clear consensus on why."

Warning: it's been years and years since this discussion took place
within the OpenPGP WG.  While my recollection is there was no clear
consensus on why it was a good idea, it would not be impossible for my
memory to be in error.

More information about the Gnupg-users mailing list