GPG, subkeys smartcard and computer
dgouttegattat at incenp.org
Sun Feb 19 15:58:56 CET 2017
On 02/19/2017 03:11 PM, Peter Lebbing wrote:
> However, maybe someone has come across a reason to do it where it would
> be worth the hassle. There certainly are people using multiple S subkeys.
Some time ago, I did some experiments with a RSA master key with two
sets of subkeys: RSA subkeys and ECC-based subkeys (ECDSA for the
signing subkey, ECDH for the encryption subkey).
The idea was to test whether such a setup could be used by someone
wanting to use elliptic-curve cryptography, but at the same time not
wanting to cut herself from people still using GnuPG 2.0.x (which has no
support for ECC).
Let's say Alice and Bob both use GnuPG 2.1, but Charlie uses GnuPG 2.0.
And Alice uses the setup described above, where the ECC-based subkeys
were created *after* the RSA-based subkeys.
For encryption: When Bob wants to encrypt a message to Alice, his gpg
program automatically selects the latest encryption subkey it can use,
that is, the ECDH subkey. On the other hand, when Charlie wants to
encrypt a message to Alice, his gpg program skips the unsupported ECDH
subkey and automatically selects the remaining RSA subkey. So everything
work, Alice and Bob can benefit from ECC support in GnuPG 2.1 while
still allowing Charlie to use RSA.
For signing: Alice signs her messages with *both* her RSA subkey and her
ECDSA subkey (using multiple --local-user options), allowing both Bob
and Charlie to verify her messages even though Charlie is stuck with
GnuPG 2.0 and RSA.
(Eventually, Charlie will upgrade to GnuPG 2.1, and Alice will then
revoke her RSA subkeys.)
Disclaimer: I am not advocating such a setup, that I don't even actually
use. I did those tests mostly out of curiosity (I stick to RSA keys even
with GnuPG 2.1, so I have no need to worry about backward
compatibility). But I guess it's a possible reason for wanting more than
one set of subkeys.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users