What does the "sub" entry of a key mean?
bo.berglund at gmail.com
Sat Jan 15 19:17:27 CET 2011
On Sat, 15 Jan 2011 12:27:58 -0500, David Shaw <dshaw at jabberwocky.com>
>On Jan 15, 2011, at 11:13 AM, Bo Berglund wrote:
>> I am building an application for GPG encryption, which ultimately will
>> be integrated into the Win7X64 Explorer context menu.
>> I have used the command line command "gpg2 -k" to retrieve a ley list
>> for the current key ring. Works fine. Now it is time for parsing and I
>> have a few questions:
>> The output from the command looks like this (shortened):
>> C:/Documents and Settings/Bosse/Application Data/gnupg/pubring.gpg
>> pub 1024D/C50DAFF8 2006-08-19
>> uid Bo Berglund <bo.berglund at gmail.com>
>> sub 2048g/011AD792 2006-08-19
>> pub 1024D/41C6E930 2003-04-10
>> uid Richard Jones <richard at commonground.com.au>
>> uid Richard Jones <richard at mechanicalcat.net>
>> uid Richard Jones <richardjones at optushome.com.au>
>> sub 1024g/40AD97DF 2003-04-10
>> Now, I understand most of this but I would like to know the
>> significance of these items:
>> 1) In the pub line the first item is a number + a letter. I assume
>> that the number is the bit length of the key, but what does the letter
>> mean? And which are the possible letters?
>Yes, the number is the bit length of the key. The letters are:
>RSA == R
>DSA == D
>Elgamal == g (only seen in subkeys)
>Historically there was a "G" for an Elgamal key that could both encrypt and sign, but that was dropped from OpenPGP. The current lowercase "g" Elgamal is an encrypt-only key.
>> 2) What does the last line of each key mean, which starts with sub?
>> Notice that there is a different hex code and different letter
>> following the key length...
>Sub is for subkeys. They are other keys that go along with the main, or primary, key. A common usage pattern is for the primary to be used for signing, and the subkey used to encryption.
>> 3) Some keys have several uid lines, is there a maximum or minimum
>> number here? It looks like a number of email addresses attached to the
>> key, is this correct?
>There is a minimum of 1. There is no maximum. There are also "uat" lines, of which there are zero or more. A uat is used to store other things aside from text (for example, photo IDs).
>> 4) I only have one public keyring, but I assume that it is possible to
>> have several? If so will the -k command list these after each other?
>> The first output line seems to be the actual keyring location.
>It is possible to have several.
>I note that you are trying to parse the output, though. That is a bad idea, as the format is intended for human consumption, and not machine parsing. The machine format is stable, and the human format is subject to change. Use the --with-colons option to enable machine parsing.
THanks, indeed the --with-colons gave a completely different output...
I was just about to ask of the date format (if it changes between
operating systems or such) but now I have a different problem in
understanding the machine readable format.
Very hard to understand. Is there a parsing guide somewhere?
Developer in Sweden
More information about the Gnupg-users