LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-21-2008, 03:27 PM   #1
joe293
LQ Newbie
 
Registered: Sep 2008
Posts: 3

Rep: Reputation: 0
PGP keys: concept question


Good evening,
I've got a question about the concept of PGP.

I thought I understood everything:
A private keypair contains 2 keys, a DSA-key and a ElGamal-Key.
The ElGamal-Key decrypts, the DSA-key encrypts. Nobody else than me should have access to the DSA-key.

But then I read the GnuPG manual section about subkeys that says:


Quote:
http://www.gnupg.org/gph/en/manual.html#AEN526
Selecting expiration dates and using subkeys
By default, a DSA master signing key and an ElGamal encryption subkey are generated when you create a new keypair. This is convenient, because the roles of the two keys are different, and you may therefore want the keys to have different lifetimes. The master signing key is used to make digital signatures, and it also collects the signatures of others who have confirmed your identity. The encryption key is used only for decrypting encrypted documents sent to you. Typically, a digital signature has a long lifetime, e.g., forever, and you also do not want to lose the signatures on your key that you worked hard to collect. On the other hand, the encryption subkey may be changed periodically for extra security, since if an encryption key is broken, the attacker can read all documents encrypted to that key both in the future and from the past.
So, does that mean, that the DSA master signing key, which seems to be the private key is signed, which would mean that it has to be given away?
And that means, that with the help of the DSA master key, I can generate a ElGamal Key with limited livetime and not publish the primary ElGamal Key that had been created? Or, in my case, revoking the primary ElGamal Key, because I want to have a limited subkey.

Please tell me how to manage having subkeys.

greethings, joe
 
Old 09-23-2008, 04:45 PM   #2
almatic
Member
 
Registered: Mar 2007
Distribution: Debian
Posts: 547

Rep: Reputation: 67
both keys (dsa and elgamal) have a public and a private part, the private part is never given away.
Only the dsa is never used for encryption, it's used for signatures only while the elgamal key is used for encryption.
The advantage is, that, if you wanna change your encryption key for security reasons, you will keep your signatures (web of trust). You just change the encryption (sub)key.
 
Old 09-24-2008, 11:38 AM   #3
joe293
LQ Newbie
 
Registered: Sep 2008
Posts: 3

Original Poster
Rep: Reputation: 0
ah, now I inderstand
thanks, almatic.

greethings, joe
 
  


Reply

Tags
dsa, encryption, pgp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with PGP keys nanyo Fedora 2 09-22-2006 04:19 PM
PGP keys wwnexc Linux - Security 2 04-02-2006 06:47 AM
yum and repo pgp keys psychobyte Linux - Software 1 12-03-2005 05:39 AM
PGP keys Thulemanden Linux - Software 1 10-19-2005 02:37 AM
pgp keys vexer Linux - Security 1 05-11-2004 11:06 PM


All times are GMT -5. The time now is 07:52 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration