Different signing & encryption keys

Philip Jackson philip.jackson at nordnet.fr
Wed Aug 13 10:56:25 CEST 2014


On 12/08/14 21:05, Werner Koch wrote:
> On Tue, 12 Aug 2014 19:50, psusi at ubuntu.com said:
>> We used to use different keys for signing and encrypting ( DSA & El
>> Gammel ), but these days just seem to use a single RSA key by default.
> 
> That is not the case.  GnuPG creates an RSA signing key and an RSA
> encryption subkey by default.  These are different keys because the
> common wisdom is to use one key for one purpose.
> 

The important here must be 'by default'.  Last year, I followed a thread on the
gpg4win forum and created an 8192 key using gpg --batch command.  The key
produced was a single RSA8192 key for encrypt, sign, certify, authenticate,
probably because I did not specify any sub-key.  (I still have it but have never
used it nor released it to the world).

I don't recall having been prompted by gpg to specify a sub-key so I could say
that gpg produced a single key 'by default'.  It was a year ago so I could be
mistaken.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x23543A63.asc
Type: application/pgp-keys
Size: 5190 bytes
Desc: not available
URL: </pipermail/attachments/20140813/72da7d14/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140813/72da7d14/attachment.sig>


More information about the Gnupg-users mailing list