Changing subkeys: what impact does it have?

Faramir faramir.cl at gmail.com
Thu May 15 19:44:36 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Shaw wrote:
> On Thu, May 15, 2008 at 11:00:14AM -0400, Faramir wrote:
>> Hello!
>>       If I make 1 subkey for signing, and another one for encryption,
>> and after a while I delete them and make a new subkey pair, would I be
>> able to read messages encrypted to me with the old pair?
> 
> No.  If you delete the encryption subkey, then you will not be able to
> decrypt.  The signing subkey is not involved in encryption, so you can
> delete that one without affecting encrypted messages.

  Even if I make a new subkey for encryption? I mean, the idea is to
replace an "old" pair of subkeys (maybe compromised), with a new pair,
one for signing, and another for encryption. I figure I can revoke the
subkeys, and keep them, but if they are very short-lived, I would end
up having a lot of useless subkeys... so if I could just replace them, I
could revoke them, notify a keyserver about their revoked status, and
then delete them...

>> Does my public
>> key change when I add or delete a subkey?
> 
> Aside from the obvious addition or removal of a subkey, no.

  So... including the addition of a subkey, it does change?

  I will try an empirical approach to this subject... wish me good luck :P
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-----END PGP SIGNATURE-----
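
Why a replacement encryption subkey cannot read old mail, shown as an added example that is not part of the original post: every Public-Key Encrypted Session Key packet (RFC 4880, section 5.1) names the key ID of the subkey the session key was encrypted to, so only that subkey's secret part can open it. The key IDs, packet bytes and helper names below are constructed for illustration.

```python
# Constructed sample data: key IDs and packet bytes are invented for illustration.
OLD_ENC_SUBKEY = "AAAAAAAA00000001"   # the subkey that gets revoked / deleted
NEW_ENC_SUBKEY = "BBBBBBBB00000002"   # its replacement

def pkesk_packet(key_id_hex, algo=1, esk=b"\x00" * 16):
    """Build a v3 Public-Key Encrypted Session Key packet (tag 1, new format)."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([algo]) + esk
    return bytes([0xC0 | 1, len(body)]) + body   # one-octet length (< 192)

def recipient_key_ids(message):
    """Return the key IDs named in the PKESK packets that lead a message."""
    ids, pos = [], 0
    while pos + 2 <= len(message):
        header, length = message[pos], message[pos + 1]
        if header & 0xC0 != 0xC0 or length >= 192:
            raise ValueError("sketch handles new-format, one-octet lengths only")
        body = message[pos + 2 : pos + 2 + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        if header & 0x3F != 1:        # first non-PKESK packet: ciphertext starts
            break
        if length < 10 or body[0] != 3:
            raise ValueError("unsupported PKESK version")
        ids.append(body[1:9].hex().upper())
        pos += 2 + length
    return ids

def can_decrypt(message, secret_subkey_ids):
    """True if the secret part of any addressed subkey is still in the keyring."""
    return any(kid in secret_subkey_ids for kid in recipient_key_ids(message))

# A message encrypted while the old subkey was current; tag 18 holds the ciphertext.
OLD_MESSAGE = pkesk_packet(OLD_ENC_SUBKEY) + bytes([0xC0 | 18, 5, 1]) + b"data"

if __name__ == "__main__":
    print("addressed to:", recipient_key_ids(OLD_MESSAGE))
    # Revoked but retained: the secret material is still there.
    print("old kept + new:", can_decrypt(OLD_MESSAGE, {OLD_ENC_SUBKEY, NEW_ENC_SUBKEY}))
    # Old subkey deleted, only the replacement remains.
    print("new only:", can_decrypt(OLD_MESSAGE, {NEW_ENC_SUBKEY}))
```

Revocation only adds a signature to the public key; the secret material of a revoked subkey that is kept in the keyring can still decrypt messages addressed to it.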


