Trying to understand the bond between master and subordinate key pairs

Pete Stephenson pete at heypete.com
Wed Feb 12 11:46:53 CET 2014 

On Wed, Feb 12, 2014 at 4:02 AM, Faru Guredo <faruguredo at gmail.com> wrote:
> I’ve read GNU Privacy Handbook, the FAQ and thought I understood the purpose
> of all four keys initially generated with --gen-keys.
> But then I found this https://wiki.debian.org/subkeys and lost it.
>
> tl;dr: There is suggested backup of ~/.gnupg, creation of a new pair of
> subkeys for signing, then all public keys and secret subkeys are exported,
> master key (for signing) is removed (but still available in backup) and
> finally public keys along with secret keys are imported back. This is
> suggested — as far as I understand — in order to keep the original master
> key for signing in a secret place, because master signing key = my genuine
> identity. But.

Right, this is a reasonable thing to do. It's not mandatory, of
course, but it has various advantages.

> Which public keys should be uploaded to the keyserver? Other people may
> verify your signature and encrypt files for you only if they have
> corresponding public keys (of yours). But what about gathering signatures of
> other people on your own public key? Should I upload public key of my master
> signing key along with the public key of the subordinate keypair I am
> planning to use daily? If not, what is the purpose of the public part of the
> master keypair? If I will not upload it, how other people will verify
> signatures I made on their keys or my own keys? Does it all mean I need at
> least three public keys to be known to other people — two for daily signing
> and encrypting and one to verify master key signatures? Do they even need to
> verify what I sign with my master key (I mean my keys and their keys)?

You should upload the public key of your primary ("master") key to the
key servers. If you do this in GnuPG, it will automatically upload the
public keys for your primary key and all the subkeys. If you use the
"--export" command to export your public key, it will export the
public key of your primary key and subkeys in one file.

Similarly, when people search for your public key on the key servers
they should search for the KeyID of your primary key. When they
download it, they will also get the public keys for the subkeys.

> I don’t get the bond between master keys and subordinate keys. Does it even
> exist? To me they look like totally different keys. Okay, when I usually
> sign files with key AAAAAAAA when I send them to Alice, and eventually I
> want to sign her key (…which of her keys, actually? The one she uses daily
> or the one she keeps like me? If she keeps it, how did it get to me? Which
> public keys supposed to collect signatures of other people — of the master
> one or newly created subordinate one?), I need to use my master key
> BBBBBBBB. How does she know that BBBBBBBB is also my key if they have
> different IDs? (Let’s assume public key of the master pair is irrelevant,
> and signing pubkey exchange is done via subordinate pair which never
> expires.)

Subkeys are bound to their respective primary key by signatures made
by the primary key.

When you sign someone else's key, you sign the public key of that
person's primary key. Similarly, when they sign your key, they sign
your primary key. Since the subkeys are bound to their respective
primary keys, the trust in the primary key is automatically applied to
any subkeys without any additional signatures being required. For
example, see my key 0x85EB9F44 (which can be found on the keyservers
at <http://pool.sks-keyservers.net:11371/pks/lookup?op=vindex&fingerprint=on&search=0x9A5CC3A485EB9F44>)
-- my primary key ("pub") has collected signatures from several people
on my user ID ("uid"). I also have signing and encryption subkeys
("sub") that are bound ("sig sbind") to the primary key and which I
use for day-to-day signing and encrypting of files and messages.

I only use my primary key for signing other people's public keys
(subkeys cannot make "certifications" on other people's public keys)
or when generating new subkeys. Otherwise, the subkeys are used for
all the usual purposes.

In general, people do not need to know the KeyIDs of the subkeys --
that is handled automatically by GnuPG. Similarly, you generally do
not need to concern yourself with the KeyIDs of your subkeys, nor do
you need to tell GnuPG to specifically use them (GnuPG will sign
messages with the newest signing subkey by default).

In short: your subkeys are linked to your primary key and GnuPG will
handle subkeys automatically and transparently without your needing to
worry about their KeyIDs.

Cheers!
-Pete

More information about the Gnupg-users mailing list