multiple subkeys and key transition

David Shaw dshaw at
Sat Dec 11 20:07:52 CET 2010

On Dec 11, 2010, at 4:15 AM, Ben McGinnes wrote:

> On 10/12/10 2:33 PM, David Shaw wrote:
>> A good way to look at this is to pick what you want your primary key
>> to be.  The subkeys don't really matter that much, as the primary is
>> the one that gathers signatures, and the one that makes (i.e. signs)
>> subkeys.  It's the key that establishes "identity" in the web of
>> trust.  The subkeys matter a lot less as it's trivial to make new
>> subkeys whenever you feel the need, using whatever algorithm and
>> size is favored at that point.
> Very interesting.
>> One useful model is to make a large & non-expiring primary key, and
>> use it only to make subkeys.  Use a subkey for signing data, and a
>> (different) subkey for encryption.  This has a few advantages, such
>> as that you can leave this primary key offline altogether (since you
>> only actually need it to make more subkeys).  It's hard to
>> compromise a key that isn't actually on your computer most of the
>> time :)
> I think this is probably what I will do for my next key, but how do I
> specify between the primary key and the signing subkey when signing
> messages?  Is that done with the Sign, Encrypt, Certify and
> Authenticate capabilities during key creation?  I'm happy to do it in
> expert mode, I just want to be clear on the different options.

The flags you can turn on and off in expert mode are:

Sign: sign data (i.e. sign a file)
Encrypt: encrypt
Authenticate: prove your identity (for example, sign a challenge token presented by a server so it will let you in)

You can't actually turn on or off certify (which is to sign a key - either your own or someone elses).  In OpenPGP, the primary key can always certify (it may be able to encrypt/sign/authenticate as well, but the only strict requirement is that it must be able to certify).  Without the ability to certify, you could never make a subkey, since subkeys are signed by the primary key.

So given that all primary keys will certify, you just need to decide whether you want it to sign, encrypt, or both.  The default is to certify and sign, and that is what I recommend (no expert mode needed).

Once you make that primary key, you just add subkeys for whatever capabilities you desire.  Again, the defaults are recommended (they are correct for virtually everyone).  I'd add a sign-only subkey and an encrypt-only subkey.  GnuPG will automatically use the subkey for signing over the primary key for signing.


More information about the Gnupg-users mailing list