Why create offline main key without encryption capabilities

David Shaw dshaw at jabberwocky.com
Mon Jun 2 17:47:51 CEST 2014 

On Jun 2, 2014, at 11:30 AM, Suspekt <suspekt at gmx.de> wrote:

> Am 02.06.2014 17:01, schrieb David Shaw:
> > One problem with multiple encryption subkeys is that the person
> > encrypting to you doesn't know which one to use. As things stand in
> > OpenPGP clients today, unless the person encrypting explicitly
> > specifies which subkey to use (and not all clients even offer a
> > choice at all) they'll *a* subkey, which may or may not be the one
> > you (or they) would have wanted.
> >
> > This problem doesn't exist in exactly the same way for multiple
> > signing subkeys since which key is used is under your control (the
> > signer), but there is a related problem in that you'd have a "low
> > security" signing key and a "high security" signing key. How does the
> > recipient know which is the intended one at any given time?  From the
> > recipient's perspective, it's just a good signature. There is no
> > "this is a good signature from my high security key" (there is a
> > "good signature from key XXXXX", but they don't know what additional
> > meaning you give to that key in particular).
> >
> > To be sure, OpenPGP does have enough hooks and capabilities to
> > implement what you're talking about (signature notations to say "this
> > is my high security key", for example) but it isn't done at this
> > time.
> >
> > David
> >
> Correct me if I'm wrong but doesn't GPG prefer the keys created last over keys created earlier? So it would use the every-day keys by default and use the high-security keys only if told specifically?

This is the GPG behavior, but this is just what GPG does.  It's not mandated by the OpenPGP standard, so other clients may do other things.  It would be equally as correct for a client to choose the key created earlier, or indeed to choose randomly.

There is some interesting discussion of key selection in http://tools.ietf.org/html/draft-brown-pgp-pfs-03.  They argue (as part of a PFS scheme) that the key most near its expiration time should be chosen.

David

More information about the Gnupg-users mailing list