Question on subkeys usage and OpenPGP card. - warning, quite lengthy

Neal Dudley neal.dudley at utoledo.edu
Mon Mar 3 22:59:31 CET 2008 

Why can keys not be signed with a signing subkey rather than a primary
signing key?  I just learned of this after going to my first signing party.
Perhaps I have misunderstood the purpose of subkeys.

I have read that it is good practice to create a primary signing key, and
then use subkeys on the card.  This is the recommended method for setup of
the FSFE card, which is just a fancy skin on the OpenPGP card.  My problem
is that now I have a DSA primary key on trusted media in a safe location,
which I have to retrieve for any key signing I want to perform.  I cannot
simply sign the keys with the signing subkey stored on my OpenPGP card.

Are there any security implications for using the same signing key for
normal document signing *and* key signing?

Would it be any less secure to:
1) generate the primary signing key as a 1024 bit RSA key,
2) create the encryption and authentication keys as 1024 bit RSA subkeys of
the signing key, and
3) copy all of these keys to the OpenPGP card?

I would also create all the keys using a machine with no network interfaces,
booted from a trusted livecd.  This procedure should allow me to make a
backup copy of my private keys to removable media (usb drive or burn a CD),
just in case the card is somehow damaged.  It would also afford me the
security and usefulness of the card for everyday use (as well as allow me to
sign keys using the card).  However, then I have to go meet everyone again
to sign my new primary signing key.

This brings me to my last question.  Let us assume that I create a primary
signing key with an expiration.  I then get that key signed by several
people.  When the expiration date is near, do I simply create a new signing
key and sign it with the original key (before it expires, of course)?  Is
the new key then considered just as trusted as the original key, which has
all the signatures on it?  Is there any method for transferring the
signatures to the new key, or would the new key have to be resigned by
everyone that signed the original?  Using the default WoT model, doesn't
this mean that every third time the key is renewed, it would not be trusted
and would need to be resigned by everyone that signed the previous key?
Yes, I have RTFM, and several mailing list postings, but I'm still a bit
unclear on these questions.

If you are still reading this - thank you for your time!  I look forward to
your reply.

More information about the Gnupg-users mailing list