There are actually two public keys?

David Shaw dshaw at
Sun May 17 01:34:09 CEST 2009

On May 16, 2009, at 5:33 PM, Lucio Capuani wrote:

> Hello everybody and thank you for reading. I have a pretty good  
> understanding of how asymmetric cryptography works in general.  
> Nevertheless, the fact that GPG uses "two keys", I mean a main key  
> and a subkey, confuses me. Are those "two keys" the private/public  
> pair? Or is it something else? The subkey is a public key (it must
> be); since you use it for encryption, that's the one you *publish* to
> the world so it can encrypt stuff for you. So far so good. Now for the
> other key. Is that meant to be the "private" key, since it is the one
> that's used for signing? Since that is also the key that people do
> sign, I think the answer is NO, but I'm not sure. My idea is that
> *both of those keys are public keys*; one of those public keys is
> used by others to encrypt stuff (the "sub", as seen above) and the
> other is used to VALIDATE your signature; and that's the one people
> do sign to acknowledge that it's yours. So, that key is public
> too!

Exactly right.  In your example, both the primary key and the subkey  
are public keys.

Basically, you can have multiple public/private key pairs.  When  
people say "public key" in the OpenPGP world, they generally mean "My  
public primary key, and any public subkey(s)".  Similarly, when people  
say "secret key" or "private key" in the OpenPGP world, they generally  
mean "My secret primary key, and any secret subkey(s)".

The common OpenPGP key of a primary key and one subkey is 2 key pairs:  
the public primary, and its secret, and the public subkey, and its  
secret.  Each additional subkey is a public/private key pair on its own.
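
The "two key pairs" point above can be checked against GnuPG's machine-readable listings (`gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons`). The following is an added example, not part of the original messages: the sample listings and key IDs are constructed, and the function names are hypothetical.

```python
# Constructed sample of `gpg --with-colons` output (key IDs are made up).
# Field 1 = record type, field 5 = key ID, field 12 = capabilities.
PUBLIC_LISTING = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1242000000:::u:::scESC:
uid:u::::1242000000::0000::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1242000000::::::e:
"""
SECRET_LISTING = """\
sec:u:1024:17:AAAAAAAAAAAAAAAA:1242000000:::u:::scESC:
uid:u::::1242000000::0000::Example User <user@example.org>:
ssb:u:2048:16:BBBBBBBBBBBBBBBB:1242000000::::::e:
"""

CAPS = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}
# pub/sub are public records; sec/ssb are their secret counterparts.
ROLE = {"pub": "primary", "sec": "primary", "sub": "subkey", "ssb": "subkey"}


def parse(listing):
    """Return {key_id: (role, capabilities)} for the key records in a listing."""
    keys = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ROLE and len(f) >= 12:
            # Lowercase letters are this key's own capabilities; uppercase
            # letters on a primary summarise the whole key and are skipped.
            caps = sorted(CAPS[c] for c in f[11] if c in CAPS)
            keys[f[4]] = (ROLE[f[0]], caps)
    return keys


def key_pairs(public_listing, secret_listing):
    """Pair each public key with its secret half by key ID."""
    public, secret = parse(public_listing), parse(secret_listing)
    return [
        {"key_id": kid, "role": role, "caps": caps, "has_secret": kid in secret}
        for kid, (role, caps) in public.items()
    ]


if __name__ == "__main__":
    for pair in key_pairs(PUBLIC_LISTING, SECRET_LISTING):
        print(pair)
```

Run against a keyring where only someone else's public key has been imported, every entry reports `has_secret` as false: the primary and the subkey are both present, but only as public keys.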


More information about the Gnupg-users mailing list