1024 key with 2048 subkey: how affected?

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 23 19:16:34 CET 2012


On 1/23/12 9:18 AM, Chris Poole wrote:
> If the only purpose of the primary key (in my case, where I have subkeys for
> signing and encryption) is to sign the subkeys

How do you enforce that?  If it is technically possible to sign a
document with your primary key, then good luck telling a judge "no, Your
Honor, this signature isn't valid, it was made with my primary key and I
only use my signing subkey for documents."

You may say the only purpose of the primary key is to sign the subkeys,
but if it's technically possible for the primary key to sign documents
then the purpose of the primary key is to sign documents.

This is why I think it's kind of absurd to have a larger signing subkey
than the primary key.  The weak link in the chain is going to be the
primary key.
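
Added example, not part of the original message: a small audit of `gpg --list-keys --with-colons` output that reports whether the primary key itself carries the signing capability and whether any signing subkey is larger than it. The sample listing, key IDs and the `audit` function name are constructed for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output (not a real key):
# a 1024-bit DSA primary (algo 17) with 2048-bit RSA subkeys (algo 1).
SAMPLE = """\
pub:u:1024:17:1111111111111111:1327340000:::u:::scESC:
uid:u::::1327340000::::Example User <user@example.org>:
sub:u:2048:1:2222222222222222:1327340100::::::s:
sub:u:2048:1:3333333333333333:1327340200::::::e:
"""


def audit(colon_listing):
    """Return one finding dict per primary key found in the listing."""
    findings = []
    current = None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # Field 3 = key length, field 5 = key ID, field 12 = capabilities.
        bits, keyid, caps = int(f[2] or 0), f[4], f[11]
        if f[0] == "pub":
            current = {
                "primary": keyid,
                "primary_bits": bits,
                # Lowercase letters are the primary's own capabilities;
                # uppercase ones summarise the whole key and are ignored here.
                "primary_can_sign": "s" in caps,
                "larger_signing_subkeys": [],
            }
            findings.append(current)
        elif current and "s" in caps and bits > current["primary_bits"]:
            # Bit lengths are compared directly, which is only a rough
            # measure when primary and subkey use different algorithms.
            current["larger_signing_subkeys"].append((keyid, bits))
    return findings


if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(f"primary {r['primary']}: {r['primary_bits']} bits, "
              f"can sign data: {r['primary_can_sign']}")
        for keyid, bits in r["larger_signing_subkeys"]:
            print(f"  signing subkey {keyid} ({bits} bits) is larger "
                  f"than the primary that certifies it")
```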
