Why create offline main key without encryption capabilities

Suspekt suspekt at gmx.de
Sun Jun 1 21:25:36 CEST 2014


On 01.06.2014 16:52, David Shaw wrote:
> On Jun 1, 2014, at 6:54 AM, Suspekt <suspekt at gmx.de> wrote:
>
>> Hi there, I understand the concept of using a secure offline key
>> and then creating one or multiple subkeys to use in rather insecure
>> environments like an internet-connected laptop or a smartphone.
>> Depending on which tutorial you look at, the recommended
>> capabilities of the offline key vary. Some use the key just for
>> certification of own subkeys and keys of other people.
>>
>> Some recommend using it for certification of own subkeys, keys of
>> other people and signing of documents that are so important, that
>> the signing-subkey is not secure enough.
>>
>> But I yet have to find someone recommending to use the offline
>> mainkey also for encryption/decryption of files, that are so
>> important that subkey encryption/decryption is not secure enough.
>>
>> Is there a reason for that? Am I missing something?
>
> One reason is that in some places there are legal issues around this.
> You can be legally required to give up your encryption key to the
> authorities or suffer the consequences (arrest / jail / etc).  The
> idea is that if you have a different encryption and
> signing/certification key, you can easily give up the encryption
> (sub)key without compromising your (much more valuable) main key.  At
> least that's the theory - I don't know offhand if this "I'll give you
> this key, but not that one" trick has been tested in practice, and if
> so, which legal jurisdiction it was tried in, and whether it worked
> or not.  (I'd be curious to find out, if anyone has any pointers).
>
> For the sake of argument, let's say it worked, though: the
> authorities have your encryption key and can now decrypt as they
> like.  You promptly make a new encryption key using your
> (uncompromised) main key and continue on.  They can read your old
> mail, but not the new, and notably cannot make signatures as you, and
> cannot make new keys as you.
>
> As a side note, when doing a key signing with someone, I send them a
> message and request they sign it to prove ownership of the key.  I
> require that this signature comes from the main key - that's the key
> I'm signing, so that's the key I need to prove ownership of.  The
> subkeys are not really relevant here.
>
> David
>

OK, let's take the forced-by-law theory into account. Then the "best" way
from a pure security-standpoint in this regard would be:
0. OFFline-mainkey (certification of own keys and other people's keys)
-> 1. OFFline-subkey (signing)
-> 2. OFFline-subkey (encryption)
-> 3. ONline-subkey (signing)
-> 4. ONline-subkey (encryption)

You use keys 3&4 for everyday-usage. You use keys 1&2 for high-security
operations. If you get forced by authorities you would give them exactly
the keys they demand (let's say key 1 and key 4), revoke them and create
new ones with your offline-mainkey (key 0).
Or they just force you to hand over your entire keyring but then this
whole thing would be half the fun.
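
The layout discussed in this thread (a certification-only main key with separate signing and encryption subkeys, some of them revoked and replaced) can be checked by parsing the output of `gpg --list-keys --with-colons`. The following is an added example, not part of the original post; the listing and key IDs are constructed, and the field positions are those of GnuPG's colon-delimited listing format.

```python
# Added example: audit `gpg --list-keys --with-colons` output for the layout
# discussed in this thread. Field positions follow GnuPG's colon format:
# field 1 = record type, 2 = validity, 5 = key ID, 12 = capabilities.

# Constructed sample (not a real key): certify-only primary, three subkeys,
# one of them revoked after being handed over.
SAMPLE = """\
pub:u:4096:1:1111111111111111:1401600000:::u:::cSE:
uid:u::::1401600000::::Example User <user@example.org>:
sub:u:3072:1:2222222222222222:1401600000::::::s:
sub:r:3072:1:3333333333333333:1401600000::::::e:
sub:u:3072:1:4444444444444444:1401700000::::::e:
"""

def parse_keys(listing):
    """Return one dict per pub/sub record in a --with-colons listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        # On a pub record, lowercase letters are the primary key's own
        # capabilities; uppercase letters summarise the whole key.
        own = {c for c in f[11] if c in "esca"}
        keys.append({"type": f[0], "validity": f[1], "keyid": f[4], "caps": own})
    return keys

def audit(listing):
    """Report primary-key usage beyond certification and the usable subkeys."""
    findings = []
    for k in parse_keys(listing):
        # Validity r/e/i/d = revoked, expired, invalid, disabled.
        usable = k["validity"] not in ("r", "e", "i", "d")
        if k["type"] == "pub":
            extra = sorted(k["caps"] - {"c"})
            if "c" not in k["caps"]:
                findings.append(f"{k['keyid']}: primary key cannot certify")
            if extra:
                findings.append(f"{k['keyid']}: primary key also has {''.join(extra)}")
        elif usable:
            findings.append(f"{k['keyid']}: usable subkey {''.join(sorted(k['caps']))}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty finding for the primary key means it can only certify; revoked subkeys are left out of the report, so what remains is the set of subkeys still in use.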



