digital signature primary key and encryption subkey

David Shaw dshaw at
Wed Nov 18 04:21:57 CET 2009

On Nov 17, 2009, at 10:00 PM, M.B.Jr. wrote:

> Hi list,
> one lame confusion I'm facing now.
> I was reading GnuPG's "Signing Subkey Cross-Certification" page [1],
> and as a matter of fact, these two simple doubts did arise.
> Suppose one provides the command:
> gpg --gen-key
> and chooses the default "DSA and Elgamal" option.

Note that the default is "RSA and RSA" now, but "DSA and Elgamal" are  
still available.

> 1st doubt:
> DSA will be the basis for the primary key and Elgamal, the basis for
> the encryption subkey, is this assertion correct?


> if so, 2nd doubt is:
> both my public and private keys will be built upon my DSA primary key
> and my Elgamal encryption subkey?

I'm afraid I don't really understand what you are asking.  Your  
primary key (DSA) has a public and private part, and uses the DSA  
algorithm.  Your subkey (Elgamal) has a public and private part, and  
uses the Elgamal algorithm.  Your subkey is signed by your primary key  
to indicate that they belong together.


More information about the Gnupg-users mailing list