Why Signing key part of Master key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Feb 26 08:35:25 CET 2019


On Sun 2019-02-24 19:53:53 +0000, Farhan Khan via Gnupg-users wrote:
> I was under the impression that best practice was to keep the master
> key offline in cold storage.

"best practice" for some is "unusable complexity" for others :) If it
works for you, it's probably not unreasonable to keep the primary key
offline in cold storage.  But remember that what that does is to protect
the primary key itself -- if you've got subkeys that are capable of
acting as you (with the exception of making OpenPGP certifications),
those subkeys are not protected by keeping the primary key offline.

> If so, wouldn't that make having the signing key impossible to use?

sure, but there's nothing stopping an "SC-capable" primary key from
*also* certifying another S-capable subkey, and using that one, if the
primary key is kept offline.

> And if so, is it possible to remove the Signing functionality from my
> Certificate key that I already generated?

the "change-usage" subcommand to "gpg --edit-key" might be what you're
looking for.  it's documented in more recent versions of the gpg(1) man
page.

            change-usage
                     Change the usage flags (capabilities) of the primary  key
                     or  of  subkeys.   These usage flags (e.g. Certify, Sign,
                     Authenticate,  Encrypt)  are  set  during  key  creation.
                     Sometimes  it is useful to have the opportunity to change
                     them (for example to add Authenticate)  after  they  have
                     been  created.  Please take care when doing this; the al‐
                     lowed usage flags depend on the key algorithm.

Note that if you do this after having sent messages signed by the
primary key, it's not clear what the behavior will be for someone who
reads those signed messages after fetching your updated OpenPGP
certificate.  Should the message signature be invalid because the
primary key is no longer signing-capable?

Also note that OpenPGP certificates are built and updated by
aggregation.  So if you change your primary key's usage flags, that'll
simply be a new set of self-signatures that makes this change.

Anyone who wants to build a composite OpenPGP certificate from your key
material by filtering out this change can easily do so, producing a
certificate that is appears to still be SC-capable.  Reasonable OpenPGP
clients that see this certificate *and* your updated one will merge them
and respect the most recent usage flags. But does everyone you
correspond with use a reasonable OpenPGP client and have access to your
update certificate?  (exercise left to the reader…)

           --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190226/1ea9552e/attachment.sig>


More information about the Gnupg-users mailing list