On 08/06/2013 09:44 AM, David Shaw wrote:
> On Aug 6, 2013, at 9:22 AM, Kenneth Jones <kenten...@me.com> wrote:
>
>> I'm referring to the information you see for example in the prompt to
>> enter your private key when you have received an encrypted message in
>> Thunderbird/Enigmail. The window "pinentry" prompts "Please enter the
>> pass...2048-bit RSA key, ID DEADBEEF, created ... (main key ID
>> ABCD0123)." Notice there are two key IDs mentioned in the window, one
>> called Main, which is also the public Key ID, (the one I expected, the
>> one I remember) and the other for the secret key (which I have Never
>> Paid any attention to).
>
> Ah, that clarifies it. Yes, as a few people have suggested, that's the
> subkey ID. It's not inherently public or secret, but just another key
> attached to your primary key. In OpenPGP, "your key" refers to a primary
> key, plus some number of subkeys (occasionally zero, but that's fairly rare).
> The primary key is the one that the user IDs (email addresses, etc) are
> attached to, and the one that gathers signatures from other people if you get
> your key signed.
>
> The subkey(s) are keys attached to the primary key, that can be used for
> encryption or signing. The idea is that since it is difficult to change your
> primary key (you'd need to get it re-signed, and re-print your business
> cards, and the like) you should be able to change the subkey quickly and
> easily. A common methodology (and in fact the default for many programs) is
> to use the primary key for signing, and a subkey for encryption. There are
> interesting variations that can be used with this basic design: some people
> leave their primary key offline completely, only taking it out to make new
> subkeys. Some people use different passphrases on different subkeys.
>
> To answer your original question, though, traditionally the key-as-a-whole is
> referred to by its primary key ID and fingerprint. The subkeys are
> effectively along for the ride. Some programs make a point of telling you
> which subkey is in use at a particular time. Some do not.
>
> David
>
Pops into this thread. Is there any major disadvantage to having a main key of say 2048 bits, but subkeys of 3072 or 4096 bit sizes?

Wolf.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
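The primary-key/subkey relationship discussed in this thread can be checked mechanically from `gpg --list-keys --with-colons` output. The following is an added example, not code from any poster in the thread: it parses a constructed sample listing and resolves a key ID such as the one shown in a pinentry prompt to its role and its primary key. The function names, the sample listing and the long key IDs (other than the thread's two short IDs) are assumptions made for illustration.

```python
# Constructed sample of `gpg --list-keys --with-colons` output. It reuses the
# thread's short IDs (ABCD0123 primary, DEADBEEF subkey); the leading hex
# digits, dates, user ID and the second subkey are made up for illustration.
SAMPLE = """\
pub:u:2048:1:11112222ABCD0123:1375747200:::u:::scSC:
uid:u::::1375747200::0000::Example User <user@example.org>:
sub:u:2048:1:33334444DEADBEEF:1375747200::::::e:
sub:u:3072:1:55556666CAFEF00D:1375747200::::::s:
"""

ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}
CAPS = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}


def _key(f):
    # Field 12 holds capabilities; lowercase letters are this key's own usage,
    # uppercase letters on a pub record summarise the key as a whole.
    caps = [CAPS[c] for c in f[11] if c in CAPS]
    return {"id": f[4], "bits": int(f[2]), "algo": ALGOS.get(f[3], f[3]), "caps": caps}


def parse_keys(colon_output):
    """Group every sub record under the pub record that precedes it."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"primary": _key(f), "uids": [], "subkeys": []})
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9])
        elif f[0] == "sub" and keys:
            keys[-1]["subkeys"].append(_key(f))
    return keys


def resolve(keys, key_id):
    """Map a short or long key ID to (role, matched key, primary key)."""
    wanted = key_id.upper().removeprefix("0X")
    for k in keys:
        candidates = [("primary", k["primary"])]
        candidates += [("subkey", s) for s in k["subkeys"]]
        for role, cand in candidates:
            if cand["id"].endswith(wanted):
                return role, cand, k["primary"]
    return None


if __name__ == "__main__":
    for kid in ("DEADBEEF", "ABCD0123"):
        role, key, primary = resolve(parse_keys(SAMPLE), kid)
        print(kid, role, key["bits"], key["algo"], key["caps"], "primary:", primary["id"])
```

Against a real keyring, feed the output of `gpg --list-keys --with-colons` to `parse_keys` in place of `SAMPLE`.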