There are actually two public keys?

David Shaw dshaw at jabberwocky.com
Sun May 17 05:40:10 CEST 2009


On May 16, 2009, at 9:14 PM, Lucio Capuani wrote:

>> Can anyone explain why there is a difference between signing and
>> encrypting keypairs, even for the same type (RSA)?
>
> As far as I've understood from the documentation, one of the reasons
> should be that it would be good practice to keep the signing key valid
> indefinitely (thus, having one that never expires so old signatures
> can be verified too) and renew the cryptographic one pretty often for
> security reasons. As before, I'd love to get confirmations or denials
> of that ;), and if there's anything else about it.

That's one of the reasons.  There were actually a good few reasons for  
the switch at the time (the "PGP 3" timeframe, which became the PGP  
5.0 product).  One reason was legal, and not technical.  RSA was still  
patented at the time, so that couldn't as easily be used.  DSA was  
chosen, but DSA can't encrypt, which pretty much required a multiple  
key (primary key + subkeys) solution.  In addition, though, the  
multiple key solution was chosen for its flexibility, as you noted.   
It is handy to be able to make multiple subkeys and regenerate them as  
needed.

One thing the multiple subkey design makes possible is to keep the  
primary key offline altogether, and just use subkeys for all the day  
to day encryption and signing needs.  In this way of working, the  
primary key is only used for two purposes: to make new subkeys when  
that becomes necessary, and to sign other people's keys.  When it is  
not in use (i.e. most of the time), the primary key is stored on  
separate media (say, a CD-ROM or USB stick).  See the
--export-secret-subkeys description in the GPG manual for more on this.

Note, though, that if you want a single key for everything, you can  
still do that.  Generate yourself an RSA key using the --expert flag,  
and you can create a key that is capable of both encrypting and  
signing in a single key.  It's unusual, and I don't recommend it, but  
GPG will happily use it.

David
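
A check for the offline-primary layout described in the message above, added here as an example (it is not part of the original post and not GnuPG's own code). It assumes the colon listing format documented in GnuPG's doc/DETAILS as produced by GnuPG 2.1 or later; `audit_secret_keys`, `sample_listing` and the verdict labels are hypothetical names, and the sample records are constructed.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-secret-keys --with-colons` records on stdin.
# Fields (GnuPG doc/DETAILS): 1 record type, 2 validity, 5 key ID,
# 12 capabilities (lowercase = this key's own), 15 "#" = secret is only a stub.
audit_secret_keys() {
    awk -F: '
    function report() {
        if (primary == "") return
        if (nsub == 0 && own ~ /s/ && own ~ /e/) verdict = "SINGLE-KEY"
        else if (!stub)                          verdict = "PRIMARY-ONLINE"
        else if (!have_s || !have_e)             verdict = "MISSING-SUBKEY"
        else                                     verdict = "OK"
        printf "%s %s sign=%d encrypt=%d\n", primary, verdict, have_s, have_e
    }
    $1 == "sec" {                 # a new primary key starts a new block
        report()
        primary = $5; own = $12; stub = ($15 == "#")
        have_s = 0; have_e = 0; nsub = 0
    }
    $1 == "ssb" {
        nsub++
        if ($15 == "#") next                  # subkey secret not on this machine
        if ($2 == "r" || $2 == "e") next      # revoked or expired subkey
        if ($12 ~ /s/) have_s = 1
        if ($12 ~ /e/) have_e = 1
    }
    END { report() }'
}

# Constructed sample listing (key IDs are placeholders, not real keys).
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1242532800:::u:::cSE:::#:
ssb:u:2048:1:AAAAAAAAAAAAAAA1:1242532800::::::s:::+:
ssb:u:2048:1:AAAAAAAAAAAAAAA2:1242532800::::::e:::+:
sec:u:2048:1:CCCCCCCCCCCCCCCC:1242532800:::u:::escESC:::+:
sec:u:2048:1:DDDDDDDDDDDDDDDD:1242532800:::u:::scESC:::+:
ssb:u:2048:1:DDDDDDDDDDDDDDD1:1242532800::::::e:::+:
EOF
}
sample_listing | audit_secret_keys
# Real use: gpg --list-secret-keys --with-colons | audit_secret_keys
```

`sign=` and `encrypt=` count only subkeys whose secret material is present and usable on this machine, so `OK` means the primary is a stub and day-to-day signing and encryption are both covered by subkeys.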


