Question on subkeys usage and OpenPGP card. - warning, quite lengthy

David Shaw dshaw at jabberwocky.com
Tue Mar 4 01:47:01 CET 2008 

On Mar 3, 2008, at 4:59 PM, Neal Dudley wrote:

> I have read that it is good practice to create a primary signing  
> key, and
> then use subkeys on the card.  This is the recommended method for  
> setup of
> the FSFE card, which is just a fancy skin on the OpenPGP card.  My  
> problem
> is that now I have a DSA primary key on trusted media in a safe  
> location,
> which I have to retrieve for any key signing I want to perform.  I  
> cannot
> simply sign the keys with the signing subkey stored on my OpenPGP  
> card.
>
> Are there any security implications for using the same signing key for
> normal document signing *and* key signing?

There are only minor security implications to this.  The main reason  
why you use the primary key to sign keys (called "certification", by  
the way) is semantic.  Identity in OpenPGP is a key plus a user ID.   
That key, given the way keys are laid out, is the primary.  The  
primary is what certifies (self signs) the user ID.

It is mathematically possible to certify a user ID with a subkey, but  
semantically that subkey isn't part of your identity, so the  
certification is not used.

> This brings me to my last question.  Let us assume that I create a  
> primary
> signing key with an expiration.  I then get that key signed by several
> people.  When the expiration date is near, do I simply create a new  
> signing
> key and sign it with the original key (before it expires, of  
> course)?  Is
> the new key then considered just as trusted as the original key,  
> which has
> all the signatures on it?  Is there any method for transferring the
> signatures to the new key, or would the new key have to be resigned by
> everyone that signed the original?  Using the default WoT model,  
> doesn't
> this mean that every third time the key is renewed, it would not be  
> trusted
> and would need to be resigned by everyone that signed the previous  
> key?

No, you do not need to make a new key or do anything like that.  If  
and when your key expires, you can simply extend the expiration date  
as needed.  OpenPGP has "soft" key expiration that can be changed at  
will by the keyholder.

David

More information about the Gnupg-users mailing list