On May 16, 2009, at 5:33 PM, Lucio Capuani wrote:

Hello everybody and thank you for reading. I have a pretty good understanding of how asymmetric cryptography works in general. Nevertheless, the fact that GPG uses "two keys", I mean a main key and a subkey, confuses me. Are those "two keys" the private/public pair? Or is it something else? The subkey is a public key (it must be); since you use it for encryption, that's the one you *publish* to the world so it can encrypt stuff for you. So far so good. Now for the other key. Is that to be meant as the "private" key, since it is the one that's used for signing? Since that is also the key that people do sign, I think the answer is NO, but I'm not sure. My idea is that *both of those keys are public keys*; one of those public keys is used by others to encrypt stuff (the "sub", as seen above) and the other is used to VALIDATE your signature; and that's the one people do sign to acknowledge that it's yours. So, that key is public too!

Exactly right. In your example, both the primary key and the subkey are public keys.

Basically, you can have multiple public/private key pairs. When people say "public key" in the OpenPGP world, they generally mean "My public primary key, and any public subkey(s)". Similarly, when people say "secret key" or "private key" in the OpenPGP world, they generally mean "My secret primary key, and any secret subkey(s)".

The common OpenPGP key of a primary key and one subkey is 2 key pairs: the public primary, and its secret, and the public subkey, and its secret. Each additional subkey is a public/private key pair on its own.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
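
The layout described in the reply above, as an added example that is not part of the original thread: a small parser for the machine-readable listing printed by `gpg --with-colons --list-keys` and `--list-secret-keys`, showing that a primary key plus one subkey is two public/secret pairs. The sample listings are constructed (key IDs and dates are made up) and the function names are hypothetical.

```python
# Constructed sample listings in gpg's colon format; key IDs and dates are made up.
SAMPLE_PUBLIC = """\
pub:u:2048:17:AAAAAAAAAAAAAAAA:1242500000:::u:::scESC:
uid:u::::1242500000::::Example User <user@example.org>:
sub:u:2048:16:BBBBBBBBBBBBBBBB:1242500000::::::e:
"""
SAMPLE_SECRET = """\
sec:u:2048:17:AAAAAAAAAAAAAAAA:1242500000:::u:::scESC:
ssb:u:2048:16:BBBBBBBBBBBBBBBB:1242500000::::::e:
"""

ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}  # RFC 4880 algorithm IDs
CAPS = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}
# Record type (field 1) -> (role in the OpenPGP key, which half of the pair)
KINDS = {"pub": ("primary", "public"), "sub": ("subkey", "public"),
         "sec": ("primary", "secret"), "ssb": ("subkey", "secret")}


def parse_listing(text):
    """Return one dict per key record (pub/sub/sec/ssb) in a colon listing."""
    records = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in KINDS or len(f) < 12:
            continue  # uid, fpr and other record types carry no key material
        role, half = KINDS[f[0]]
        # Field 12: lowercase letters are this key's own capabilities; the
        # uppercase ones on a primary summarise the whole key and are skipped.
        caps = [CAPS[c] for c in f[11] if c in CAPS]
        records.append({"role": role, "half": half, "keyid": f[4],
                        "algo": ALGOS.get(f[3], f[3]), "caps": caps})
    return records


def key_pairs(public_text, secret_text):
    """Pair each public key with its secret half; both share one key ID."""
    secret_ids = {r["keyid"] for r in parse_listing(secret_text)}
    return [dict(r, has_secret=r["keyid"] in secret_ids)
            for r in parse_listing(public_text)]


if __name__ == "__main__":
    for p in key_pairs(SAMPLE_PUBLIC, SAMPLE_SECRET):
        print(f'{p["role"]:8} {p["algo"]:8} {p["keyid"]} '
              f'public=yes secret={"yes" if p["has_secret"] else "no"} '
              f'use={",".join(p["caps"])}')
```

On a real keyring, the two input strings would be the output of the two gpg commands named above; a key whose secret half is held elsewhere shows up with `secret=no`.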
