GPG, subkeys smartcard and computer

Damien Goutte-Gattat dgouttegattat at
Sun Feb 19 15:58:56 CET 2017

On 02/19/2017 03:11 PM, Peter Lebbing wrote:
> However, maybe someone has come across a reason to do it where it would
> be worth the hassle. There certainly are people using multiple S subkeys.

Some time ago, I did some experiments with a RSA master key with two 
sets of subkeys: RSA subkeys and ECC-based subkeys (ECDSA for the 
signing subkey, ECDH for the encryption subkey).

The idea was to test whether such a setup could be used by someone 
wanting to use elliptic-curve cryptography, but at the same time not 
wanting to cut herself from people still using GnuPG 2.0.x (which has no 
support for ECC).

Let's say Alice and Bob both use GnuPG 2.1, but Charlie uses GnuPG 2.0. 
And Alice uses the setup described above, where the ECC-based subkeys 
were created *after* the RSA-based subkeys.

For encryption: When Bob wants to encrypt a message to Alice, his gpg 
program automatically selects the latest encryption subkey it can use, 
that is, the ECDH subkey. On the other hand, when Charlie wants to 
encrypt a message to Alice, his gpg program skips the unsupported ECDH 
subkey and automatically selects the remaining RSA subkey. So everything 
work, Alice and Bob can benefit from ECC support in GnuPG 2.1 while 
still allowing Charlie to use RSA.

For signing: Alice signs her messages with *both* her RSA subkey and her 
ECDSA subkey (using multiple --local-user options), allowing both Bob 
and Charlie to verify her messages even though Charlie is stuck with 
GnuPG 2.0 and RSA.

(Eventually, Charlie will upgrade to GnuPG 2.1, and Alice will then 
revoke her RSA subkeys.)

Disclaimer: I am not advocating such a setup, that I don't even actually 
use. I did those tests mostly out of curiosity (I stick to RSA keys even 
with GnuPG 2.1, so I have no need to worry about backward 
compatibility). But I guess it's a possible reason for wanting more than 
one set of subkeys.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170219/7752993e/attachment.sig>

More information about the Gnupg-users mailing list