[Gpg4win-users-en] Subkey generation: kleopatra vs. commandline
fabian.nick at scai.fraunhofer.de
Wed Feb 12 09:50:23 CET 2014
Does that mean that the keypair created with kleopatra (which has no subkey) can (or should?!) only be used for signing?
I'm asking because a friend of mine (who actually brought up this question) has sent me his public key which contains no subkey and he was a bit confused since my public key I sent him does have a subkey.
----- Original Message -----
> From: "Werner Koch" <wk at gnupg.org>
> To: "Fabian Nick" <fabian.nick at scai.fraunhofer.de>
> Cc: gpg4win-users-en at wald.intevation.org
> Sent: Wednesday, 12 February, 2014 8:36:39 AM
> Subject: Re: [Gpg4win-users-en] Subkey generation: kleopatra vs. commandline
> On Tue, 11 Feb 2014 10:39, fabian.nick at scai.fraunhofer.de said:
> > 1) What exactly are subkeys for?
> They make key management easier. The user needs to know only about
> primary key and the OpenPGP application takes care of using the right
> best practice cryptography operational rules require that a certain
> is only used for one purpose (signing or encryption). By using a
> primary key for signing and a subkey for encryption, OpenPGP allows
> implement this. X.509 has no such provision and to satisfy the rules
> one needs to create two entirely different keys and manage both.
> You may also add other subkeys for other purposes. For example an
> key or a key for Bitcoin (currently in development). Still you can
> identify all these keys with just one fingerprint or user id.
> > 3) How do I create a public key without a subkey from the command
> > line?
> $ gpg --gen-key
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
> (7) DSA (set your own capabilities)
> (8) RSA (set your own capabilities)
> Your selection? 4
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048)
> The primary key must be capable of signing, thus you do not see an
> encrypt-only choice here. To later add another subkey, you use "gpg
> --edit-key" and then the command "addkey".
> Thoughts are free. Exceptions are regulated by a federal law.
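
Whether a key can be encrypted to depends on its capability flags, not on whether a subkey is present. The following is an added example, not part of the original messages: it summarises those flags from `gpg --with-colons --list-keys` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Parses `gpg --with-colons --list-keys` output.
# Field 1 = record type, 2 = validity, 5 = key ID, 12 = capabilities
# (lowercase letters belong to that key; uppercase on "pub" summarise the whole key).

key_usage() {
    # stdin: colon listing; stdout: one summary line per primary key
    awk -F: '
        function emit() {
            if (id != "")
                printf "%s primary=%s subkeys=%d encrypt=%s\n", id, caps, nsub, enc
        }
        $1 == "pub" {
            emit()
            id = $5; nsub = 0
            caps = $12
            gsub(/[^a-z]/, "", caps)          # keep only the primary key flags
            enc = (caps ~ /e/) ? "yes" : "no"
        }
        $1 == "sub" {
            nsub++
            # a revoked, expired, disabled or invalid subkey cannot be encrypted to
            if ($2 !~ /^[redi]$/ && $12 ~ /e/) enc = "yes"
        }
        END { emit() }
    '
}

# Constructed sample listing (key IDs and dates are made up):
#   1) sign-only primary plus encryption subkey (menu choice 1 above)
#   2) sign-only primary, no subkey (menu choice 4)
#   3) primary with sign and encrypt capability, no subkey (menu choice 8)
#   4) sign-only primary whose only encryption subkey is revoked
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:1111111111111111:1392163200:::u:::scESC:
uid:u::::1392163200::::Alice Example <alice@example.org>:
sub:u:2048:1:1111111111111112:1392163200::::::e:
pub:u:2048:1:2222222222222222:1392163200:::u:::scSC:
pub:u:2048:1:3333333333333333:1392163200:::u:::escESC:
pub:u:2048:1:4444444444444444:1392163200:::u:::scSC:
sub:r:2048:1:4444444444444445:1392163200::::::e:
EOF
}

sample_listing | key_usage
```

On a real keyring, pipe `gpg --with-colons --list-keys` into `key_usage` instead of the sample.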