There are actually two public keys?

Lucio Capuani louis.capuani at gmail.com
Sun May 17 03:14:16 CEST 2009


Thanks David and Robert for your informative (and quick) replies. It's
much more clear now. But, am I the only one to think that the
documentation is pretty misleading about "pairs" of keys, and that GPG
generates 'a' keypair (With gpg --gen-key a new key-pair is
created...), and moreover, that one of the (actually) two generated
keypairs is tagged as... "pub"?

> Can anyone explain why there is a difference between signing and
> encrypting keypairs, even for the same type (RSA)?

As far as I've understood from the documentation, one of the reasons
should be that it would be good practice to keep the signing key valid
indefinitely (thus, having one that never expires so old signatures
can be verified too) and renew the cryptographic one pretty often for
security reasons. As before, I'd love to get confirmations or denials
of that ;), and if there's anything else about it.

Thanks so much!
--
Lucio Capuani
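
Added example, not part of the original message or of GnuPG's own code: a small parser for the machine-readable listing printed by `gpg --list-keys --with-colons`, showing that one generated "key" is a `pub` primary key plus a `sub` subkey, each with its own capabilities and expiry. The listing, key IDs, user ID and the helper name `parse_keys` are constructed for illustration; field positions follow GnuPG's colon-listing format.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not a real key).
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1242522856:::u:::scESC:
uid:u::::1242522856::0000::Example User <user@example.org>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1242522856:1274058856:::::e:
"""

# Lowercase letters in field 12 are the capabilities of that key itself;
# uppercase letters on the pub line summarise the whole key and are ignored here.
CAPS = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}


def parse_keys(listing):
    """Return one dict per pub/sub record: role, key ID, capabilities, expiry."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip uid, fpr and other record types
        expires = f[6]  # field 7: expiry as epoch seconds, empty = never
        keys.append({
            "role": "primary" if f[0] == "pub" else "subkey",
            "keyid": f[4],
            "caps": sorted(CAPS[c] for c in f[11] if c in CAPS),
            "expires": (
                datetime.fromtimestamp(int(expires), tz=timezone.utc)
                .date().isoformat()
                if expires else None
            ),
        })
    return keys


if __name__ == "__main__":
    for k in parse_keys(SAMPLE):
        print(f"{k['role']:8} {k['keyid']} "
              f"caps={','.join(k['caps'])} expires={k['expires'] or 'never'}")
```

In this constructed listing the primary key signs and certifies and has no expiry, while the encryption subkey expires a year after creation, which is the arrangement the message above describes.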


