Trying to understand the bond between master and subordinate key pairs

Wed Feb 12 11:19:13 CET 2014

Am Mi 12.02.2014, 07:02:51 schrieb Faru Guredo:

> This is suggested — as far as I understand — in order to keep
> the original master key for signing in a secret place, because master
> signing key = my genuine identity. But.

Signing (data) is not the relevant aspect of a mainkey. Certification 
(i.e. signing key components) is. You can create mainkeys which are not 
capable (i.e: not allowed) of signing data at all.

> Which public keys should be uploaded to the keyserver?

All public keys must be available to the public. (You cannot even 
prevent that from happening.) The public mainkey is necessary for the 
verification that the subkeys belong to this mainkey. Furthermore it is 
needed for the fingerprint check.

> But what about gathering
> signatures of other people on your own public key? Should I upload
> public key of my master signing key along with the public key of the
> subordinate keypair I am planning to use daily?

These two components are not related at all. These should be two 
distinct questions.

> I don’t get the bond between master keys and subordinate keys. Does it
> even exist?

The mainkey binds the subkeys by signing them. Signature subkeys have to 
sign the mainkey, too, in order to become valid.

OpenPGP considers signatures by a subkey as equivalent to those by a 
mainkey. But if everyone understand what this means (and how it can be 
checked) then you can use the protected mainkey for more secure 
signatures (if you do not have a more secure other key). You can use it 
for more secure encryption, too (again: If everyone involved understands 
how to do that).

> To me they look like totally different keys.

They are, technically. They could even be exchanged. But the OpenPGP key 
format marks one as the mainkey and the other ones as subkeys.

> Okay, when I
> usually sign files with key AAAAAAAA when I send them to Alice, and
> eventually I want to sign her key (…which of her keys, actually? The
> one she uses daily or the one she keeps like me? If she keeps it, how
> did it get to me? Which public keys supposed to collect signatures of
> other people — of the master one or newly created subordinate one?),
> I need to use my master key BBBBBBBB. How does she know that BBBBBBBB
> is also my key if they have different IDs?

That's not the way keys are used. You tell the application to use the 
key 0xAAAAAAAA. That always refers to a mainkey. The OpenPGP subsystem 
(GnuPG) then selects the appropriate key: either the mainkey of a 
subkey. Your contacts only verify 0xAAAAAAAA. Possible subkeys are 
verified automatically (you cannot prevent that). Signatures are shown 
to be made by the mainkey.

More precise: GnuPG does show you the subkey which made the signature 
but I don't believe any GUI does (in a way useful to beginners). You can 
even force GnuPG to use a certain subkey (if technically possible) or 
the mainkey and thus override the automatic selection. But I have never 
seen a higer-level application offering that.

> (Let’s assume public key of the master pair is irrelevant,

That is not a useful assumption.

Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140212/7e649fa6/attachment.sig>