There are actually two public keys?
dshaw at jabberwocky.com
Sun May 17 01:34:09 CEST 2009
On May 16, 2009, at 5:33 PM, Lucio Capuani wrote:
> Hello everybody and thank you for reading. I have a pretty good
> understanding of how asymmetric cryptography works in general.
> Nevertheless, the fact that GPG uses "two keys", I mean a main key
> and a subkey, confuses me. Are those "two keys" the private/public
> pair? Or it's else? The subkey is a public key (it must be); since
> you use it for encryption, that's the one you *publish* to the World
> so it can crypt stuff for you. So far so good. Now for the other
> key. Is that to be meant as the "private" key, since is the one
> that's used for signing? Since that is also the key that people do
> sign; I think the answer is NO, but I'm not sure. My idea is that
> *both of those keys are public keys*; one of those public keys is
> used by other to crypt stuff (the "sub", as seen above) and the
> other is used to VALIDATE your signature; and that's the one people
> do sign to acknowledge that that it's yours. So, that key is public
Exactly right. In your example, both the primary key and the subkey
are public keys.
Basically, you can have multiple public/private key pairs. When
people say "public key" in the OpenPGP world, they generally mean "My
public primary key, and any public subkey(s)". Similarly, when people
say "secret key" or "private key" in the OpenPGP world, they generally
mean "My secret primary key, and any secret subkey(s)".
The common OpenPGP key of a primary key and one subkey is 2 key pairs:
the public primary, and its secret, and the public subkey, and its
secret. Each additional subkey is a public/private key pair on its own.
More information about the Gnupg-users