-   Linux - Security (
-   -   GPG / PGP subkeys (

wwnexc 05-21-2006 01:19 AM

GPG / PGP subkeys

I have been using gpg for a while now. It works nicely and reliably. I have been using one and the same RSA key for signing and having messages encrypted to so far.

I am wondering how the subkeys work.

- What is the point of subkeys?
- What happens if i have more than 1 subkey? Can the user choose to which one to encrypt to (didn't work for me YET), or is it automatically encrypted to all of them? Or...?
- What else is there that is valuable to know as to how they work technically (what is encrypted / signed how) and practically, as in who gets what and can do what....


gilead 05-21-2006 02:54 PM

If you're using the term subkey the same way the gpg folks are (and I expect you are), then the info at should help.

Basically you have a master signing key that you never want to expire. The encryption subkey usually has a finite life so that if it is broken, an attacker can only decrypt information with the old key. They also state that it is only useful to have one valid enctyption subkey on a keyring since no additional security is added by having more on the one keyring.

There's a lot more general info in the GNU Privacy Handbook, I recommend having a look there. Mostly so I don't paraphrase incorrectly... ;)

All times are GMT -5. The time now is 01:47 AM.