Several master keys vs. master key ,and subkeys

[Werner Koch]

On Tue, 16 Jul 2013 12:21, biggles.trenton at gmail.com said:

> A GnuPG key has a private key and a public key. When you first create

All public key algorithms work with the concept of a keypair.  GnuPG
does the same.  This is the low level maths.  To make it usable we need
to bind mail addresses to the key (user IDs) and securely bind them to
the key (self-signatures).  That is the same for OpenPGP and S/MIME.
However, OpenPGP goes further by working with /keyblocks/.  A keyblock
is a collection of primary key with user IDs and several subkeys, bound
by self-signatures and back-signatures to the primary key.  Thus a
keyblock as commonly two keys: A primary and a subkey.

Now this keyblock exists in two variants: as a public keyblock and as a
secret keyblock.  The latter also has the private keys and thus needs to
be kept secure.

> it, you get these two parts, and a different kind of "keys", a primary
> key (usage: SC), and a sub key for encryption (usage: E).

Right.

> You can add and revoke sub keys, as much as you want, as well as UIDs,
> for when you change or add mail addresses, Jabber IDs, etc.

Correct.

> You can also make a version of your key where the primary key is
> deleted and you have two sub keys, one for encryption (usage: E) and
> one for signing (usage: S).

That is a GnuPG feature and is only done for the private part of the
primary key.  It is a private extension to OpenPGP but more or less
irrelevant to the standard becuase it affects only the private key
(OpenPGP uses the term "secret key" instead of "private key" - it
doesn't matter).

> You have a version B of your key, with a different password than
> version A (where the primary key is still present)? Not that one
> particular subkey per se has a different password?

Usually this does not happen because GnuPG < 2.1 has no feature to merge
secret subkeys.

> If I were to create two different signing subkeys (usage:S), not sure
> why, but still, I could give them different passwords?

Yes.  The passphrtase protects the secret part of each key.  It just
happens that gpg always syncs them to work withnthe same passphrase.

> If you _can_ assign a separate, different password to a particular
> subkey, I assume it is done under --edit-key, but how?

You can't without hacking the code or making advanced use of gpgsplit.

> I have four versions of my key (RSA):
> 1. "Main key", which is only stored offline, and which contains
> primary key and all past and present subkeys, including revoked
> ones. (None so far). This key has passphrase A.

Same here.

> 2. The key I use, which is kept inside the TrueCrypt file mentioned
> above. It has my current subkeys for encryption and signing, but not
> the primary key. This key has passphrase B.

Okay.

> 3. A travel key, basically GnuPG 1.4.13 and Cryptophane on a USB
> thumbdrive. It only has my public key.

A public key is a public key is a public key.  No need to protect it,
you may only want to remeber the fingerprint.

> 4. Same as 3. on my work mobile, using Android and APG 0.8. Only
> public key present.

Okay.  I have my public key on all of my boxes because I use it to
encrypt the backups (actually I encrypt the backups to several keys).

> The reason for 3 and 4 is that I discovered that during the day, I
> more often want to _encrypt_ something to myself, a file or a short
> piece of text, in various situations. It can be before uploading a
> diary note or a customer file to Dropbox or pretty much just

That is the cool thing with public key crypto.

> anything. Decryption happens later, when at my desk or in more secure
> environments, using key version 2.

Right.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.