Multiple Subkey Pairs

Daniel Kahn Gillmor dkg at
Thu Mar 13 14:49:19 CET 2014

Hi Martin--

On 03/13/2014 06:44 AM, Martin Behrendt wrote:
> I want to achieve the following:
> 1. A Master signing key
> 2. A subkey signing/enc pair for my normal machine
> 3. A subkey signing/enc pair for e.g. my mobile device

> Now the following problem arises (at least from the reading I have
> done). As I understand gpg only uses one of the encryption subkeys to
> encrypt the message. So the question is, is it possible to encrypt to
> all encryption subkeys in a key? And if yes, is there an easy way to
> do it, so also not just me can handle that, but also the people who
> sent me encrypted mails. (And if not, does it make sense to implement
> something like this in gnupg?)

ultimately, the problem here is that the people who correspond with you
don't know what device you're going to be reading the encrypted message
on, so they cannot choose which encryption-capable subkey to encrypt to.

In practice, it doesn't make sense to have more than one
encryption-capable subkey active at a time; for signing-capable subkeys,
you can have one per device as you describe.

So here is what i consider to be best practice for those people who end
up using more than one machine:

 0) a master certifying key (possibly offline)
 1) an encryption-capable subkey (shared across all machines)
 2) one signing-capable subkey per device (never shared)

in the event of machine compromise, use the master certifying key to
revoke the encryption-capable subkey and the signing subkey specific to
the compromised machine; add a new encryption-capable subkey and
distribute it to your remaining non-compromised devices.  Publish all
these changes to the public keyservers (as well as any other channels by
which you've normally published your keys).

You can also choose some schedule to regularly revoke (or expire) any of
the subkeys and replace them with new ones as a matter of routine
maintenance if you're concerned about key leakage through overuse, or
you just prefer to pre-emptively rotate keys.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140313/bac13eda/attachment.sig>

More information about the Gnupg-users mailing list