multiple subkeys and key transition

David Shaw dshaw at
Fri Dec 10 04:33:05 CET 2010

On Dec 9, 2010, at 1:30 PM, Ben McGinnes wrote:

> Good to know.  Should I make the transition now/soon, my current plan
> is either of these two options:
> 1) 4,096-bit RSA signing key with a 4,096-bit Elgamal encryption key.
> 2) 4,096-bit RSA signing key with a 4,096-bit RSA encryption key and a
> 4,096-bit Elgamal encryption key.

A good way to look at this is to pick what you want your primary key to be.  The subkeys don't really matter that much, as the primary is the one that gathers signatures, and the one that makes (i.e. signs) subkeys.  It's the key that establishes "identity" in the web of trust.  The subkeys matter a lot less as it's trivial to make new subkeys whenever you feel the need, using whatever algorithm and size is favored at that point.

One useful model is to make a large & non-expiring primary key, and use it only to make subkeys.  Use a subkey for signing data, and a (different) subkey for encryption.  This has a few advantages, such as that you can leave this primary key offline altogether (since you only actually need it to make more subkeys).  It's hard to compromise a key that isn't actually on your computer most of the time :)


More information about the Gnupg-users mailing list