> To be honest I didn't think and search about that too
> much, but that was not the point anyways...

I'm confused. You seemed to be making quite a point of it. (-:

> How do you judge whether to replace the key or not? Of
> course there are obvious opportunities when to replace
> keys but if nothing special (like the system being
> compromised) happens,

Or there are new ideas/standards/technology/exploits such that a
particular key size or algorithm is no longer considered safe, or
something is available with a smaller signature size, for example.

Examples include the introduction of subkeys, larger key sizes (2048
instead of 1024), DSA or DSA2 vs RSA, ...

> I really know only of this
> approach: The more encrypted/signed data I spread over
> the web, the easier it might be for an attacker to
> calculate the secret key. And because of that I'd
> replace on a regular basis. Please correct me here if
> I'm wrong!!

There are others on this list better placed to answer this. As far as
I know, the only thing actually encrypted to your secret key is the
session key for each message.

> See above, besides Enigmail for example uses default
> values with expiration dates...

I did not know that. I guess the Enigmail developers must know what
they are doing _and_why_.

> I'm not sure if I understand you right here but if you
> ask why I would use a subkey to sign, the answer is:
> Because I want to use an offline mainkey and subkeys
> for the daily work...

You were asking why most keys seem to have far fewer subkeys (in use
or expired/revoked) than the advice you were following would lead you
to expect. I was saying that one reason is because a large proportion
of keys do not have a signing subkey. (-;

My old key was a v3 key that didn't support subkeys, and that lasted
me about 11 years. My new key has signing subkeys of both RSA and
EdDSA varieties.

I understand the idea of offline main keys, but don't see how the use
case fits my threat model.

Best regards

