Why is there a subkey and a selfsig in a new key?

Robert J. Hansen rjh at sixdemonbag.org
Tue Nov 8 16:06:38 CET 2011


On 11/8/11 10:01 AM, Simone Cianfriglia wrote:
> There are some reasons behind this choice, I think the main one is because
> it's safer to manage different keys for different needs.

IIRC, it was a response to laws like the United Kingdom's RIPA which
allows the authorities to demand encryption keys from users.  By
separating encryption and signing into separate subkeys, and making the
signing subkey the 'master' one, it allows users to divulge encryption
subkeys to the authorities when required, then immediately revoke those
encryption subkeys and resume encrypted communications with others.

I may be in error.
