On 2013-08-06 22:44, David Shaw wrote:
> On Aug 6, 2013, at 9:22 AM, Kenneth Jones <kenten...@me.com> wrote:
>
>> I'm referring to the information you see for example in the prompt to
>> enter your private key when you have received an encrypted message in
>> Thunderbird/Enigmail. The window "pinentry" prompts "Please enter the
>> pass...2048-bit RSA key, ID DEADBEEF, created ... (main key ID
>> ABCD0123)." Notice there are two key IDs mentioned in the window, one
>> called Main, which is also the public Key ID (the one I expected, the
>> one I remember), and the other for the secret key (which I have Never
>> Paid any attention to).
>
> Ah, that clarifies it. Yes, as a few people have suggested, that's the
> subkey ID. It's not inherently public or secret, but just another key
> attached to your primary key. In OpenPGP, "your key" refers to a primary
> key, plus some number of subkeys (occasionally zero, but that's fairly rare).
> The primary key is the one that the user IDs (email addresses, etc) are
> attached to, and the one that gathers signatures from other people if you get
> your key signed.
>
> The subkey(s) are keys attached to the primary key, that can be used for
> encryption or signing. The idea is that since it is difficult to change your
> primary key (you'd need to get it re-signed, and re-print your business
> cards, and the like) you should be able to change the subkey quickly and
> easily. A common methodology (and in fact the default for many programs) is
> to use the primary key for signing, and a subkey for encryption. There are
> interesting variations that can be used with this basic design: some people
> leave their primary key offline completely, only taking it out to make new
> subkeys. Some people use different passphrases on different subkeys.
>
> To answer your original question, though, traditionally the key-as-a-whole is
> referred to by its primary key ID and fingerprint. The subkeys are
> effectively along for the ride. Some programs make a point of telling you
> which subkey is in use at a particular time. Some do not.
>
> David

Thank you, David, for your reply. And thanks to all others who also helped, and those who patiently waited for me while the light dawned. It's apparent that I have a lot of catching up to do; I'll go do some reading. I'm fascinated, for example, that a key pair has more than two parts. I have many questions, but I've taken enough of your time.

FWIW, Steve Gibson, the SpinRite guy if you know of it, is beginning a series on mail privacy on his internet TV program at TWiT dot TV. Might be good to have you guys 'audit the course' so to speak, in case he goes far afield.

Thanks again for your help.

Ken
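The question in this thread, "which key does the ID in the pinentry prompt belong to, and is it the primary key or an encryption subkey?", can be answered from the machine-readable listing that `gpg --list-keys --with-colons` prints. The script below is an added example, not code from the thread or from GnuPG; it parses a constructed listing (the key IDs reuse the DEADBEEF / ABCD0123 placeholders from the prompt, padded to long IDs) and resolves either ID to its role, its capabilities and the primary key it hangs off.

```python
# Constructed sample of `gpg --list-keys --with-colons` output, not a real keyring.
# Field 5 = key ID, field 10 = user ID / fingerprint, field 12 = capabilities.
SAMPLE_LISTING = """\
pub:u:2048:1:00000000ABCD0123:1375800000:::u:::scESC::::::
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1375800000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::
sub:u:2048:1:00000000DEADBEEF:1375800000::::::e::::::
fpr:::::::::FEDCBA9876543210FEDCBA9876543210DEADBEEF:
"""

# Lowercase letters are that key's own capabilities; uppercase ones on a pub line summarise the whole key and are skipped.
CAPS = {"e": "encrypt", "s": "sign", "c": "certify", "a": "authenticate"}


def parse_colons(text):
    """Group the listing into primary keys, each with its UIDs and subkeys."""
    keys, last = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            keys.append({"primary": f[4], "caps": [CAPS[c] for c in f[11] if c in CAPS],
                         "fpr": None, "uids": [], "subkeys": []})
            last = "primary"
        elif f[0] in ("sub", "ssb") and keys:
            keys[-1]["subkeys"].append({"id": f[4], "caps": [CAPS[c] for c in f[11] if c in CAPS]})
            last = "subkey"
        elif f[0] == "fpr" and keys and last == "primary":
            keys[-1]["fpr"] = f[9]  # fingerprint of the key-as-a-whole
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
    return keys


def locate_key_id(keys, key_id):
    """Resolve a prompt's key ID (short or long) to its role and its primary key."""
    wanted = key_id.upper()  # a short ID is the last 8 hex digits of the long one
    for k in keys:
        members = [("primary", k["primary"], k["caps"])] + [
            ("subkey", s["id"], s["caps"]) for s in k["subkeys"]]
        for role, kid, caps in members:
            if kid.endswith(wanted):
                return {"role": role, "caps": caps, "primary": k["primary"],
                        "fingerprint": k["fpr"], "uids": k["uids"]}
    return None


if __name__ == "__main__":
    keys = parse_colons(SAMPLE_LISTING)
    for shown in ("DEADBEEF", "ABCD0123"):  # the two IDs from the pinentry prompt
        print(shown, locate_key_id(keys, shown))
```

Run against a real keyring by feeding it the output of `gpg --list-keys --with-colons` (or `--list-secret-keys`, whose `sec`/`ssb` records are handled the same way).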
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users