Re: trying to understand UID and subkeys

2009-03-12 Thread Felipe Alvarez
On Fri, Mar 6, 2009 at 12:10 AM, David Shaw ds...@jabberwocky.com wrote:
> What do the letters to the right of the words usage mean? (S,C,A,E) I
> can only guess |S|ign, |E|ncrypt,
>
> (S)ign: sign some data (like a file)
> (C)ertify: sign a key (this is called certification)
> (A)uthenticate: authenticate yourself to a computer (for example, logging
> in)
> (E)ncrypt: encrypt data
>
> David



S means this key permits the owner to sign things
C means that I (felipe) have signed this key ??
E means owner can encrypt to himself ??

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: trying to understand UID and subkeys

2009-03-12 Thread Faramir

Felipe Alvarez wrote:
> On Fri, Mar 6, 2009 at 12:10 AM, David Shaw ds...@jabberwocky.com wrote:
> What do the letters to the right of the words usage mean? (S,C,A,E) I
> can only guess |S|ign, |E|ncrypt,
> (S)ign: sign some data (like a file)
> (C)ertify: sign a key (this is called certification)
> (A)uthenticate: authenticate yourself to a computer (for example, logging
> in)
> (E)ncrypt: encrypt data
>
> David
...
> S means this key permits the owner to sign things
> C means that I (felipe) have signed this key ??

  No, it means you can use it to sign other keys, yours or from other
people.

> E means owner can encrypt to himself ??

  It means you can encrypt and decrypt things... to yourself, or to
other people (of course you can't decrypt things encrypted to other people).

  Best Regards


Re: trying to understand UID and subkeys

2009-03-12 Thread David Shaw
On Thu, Mar 12, 2009 at 08:08:35PM +1000, Felipe Alvarez wrote:
> On Fri, Mar 6, 2009 at 12:10 AM, David Shaw ds...@jabberwocky.com wrote:
>> What do the letters to the right of the words usage mean? (S,C,A,E) I
>> can only guess |S|ign, |E|ncrypt,
>>
>> (S)ign: sign some data (like a file)
>> (C)ertify: sign a key (this is called certification)
>> (A)uthenticate: authenticate yourself to a computer (for example, logging
>> in)
>> (E)ncrypt: encrypt data
>>
>> David
>
> S means this key permits the owner to sign things

Yes.

> C means that I (felipe) have signed this key ??

C means this key permits the owner to certify keys (either your own
or someone else's).

> E means owner can encrypt to himself ??

E means the key can be used to encrypt, period.  It doesn't matter
if that is you or someone else.

David



trying to understand UID and subkeys

2009-03-05 Thread Felipe Alvarez
Me again. Sorry to sound newbish. I've googled, but I haven't found anything
quite as detailed enough for me to grasp the 'whole forest' (so to speak).
My question is regarding 'subkeys.' Let me know if I am getting the
wording/terminology incorrect.

I understand that when I 'gen-key' I create a 'signing' key (to identify
tampering/modification) and an 'encryption' key (shouldn't this be a
DEcryption key? Wouldn't I use this for DEcrypting docs encrypted with my
public key? But I digress).

I am also able to add extra UIDs to my public key, so I can have, say 4
different email addresses, all attached to the same public key. Does this
mean I have several SIGNING keys, or several DEcryption keys? How do other
people use my extra UIDs? Can they pick one to use for encryption, and I
must use the twin (private) key matching that UID to decrypt it?

Why would I want to create new 'subkeys?' Of what benefit to have, say 5
subkeys belonging to one (master)(private)(signing) key?

What do the letters to the right of the words usage mean? (S,C,A,E) I can
only guess |S|ign, |E|ncrypt, 
##
fel...@cheetah:/tmp/gpg-kWzpHj gpg --edit boyd
gpg (GnuPG) 2.0.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub  1024D/48C1382F  created: 2000-08-19  expires: never   usage: SCA
 trust: unknown   validity: unknown
sub  1024g/02B5A402  created: 2000-08-19  expires: never   usage: E
[ unknown] (1). Colin Boyd c.b...@xx.xx.xx

Command

##

Sorry if this sounds elementary/trivial. I am new to PKI, and encryption,
etc.

I have read through GNUPG gettingstarted manual, and been reading this list
for nearly 1 week. If I have more questions, I hope you don't mind I ask
them here.

Thank you


Felipe


Re: trying to understand UID and subkeys

2009-03-05 Thread David Shaw

On Mar 5, 2009, at 4:22 AM, Felipe Alvarez wrote:



> Me again. Sorry to sound newbish. I've googled, but I haven't found
> anything quite as detailed enough for me to grasp the 'whole
> forest' (so to speak). My question is regarding 'subkeys.' Let me
> know if I am getting the wording/terminology incorrect.
>
> I understand that when I 'gen-key' I create a 'signing' key (to
> identify tampering/modification) and an 'encryption' key (shouldn't
> this be a DEcryption key? Wouldn't I use this for DEcrypting docs
> encrypted with my public key? But I digress).
>
> I am also able to add extra UIDs to my public key, so I can have,
> say 4 different email addresses, all attached to the same public
> key. Does this mean I have several SIGNING keys, or several
> DEcryption keys?


Neither.  It means you have 4 different ways other people can find  
your key.  An OpenPGP key is made up of a pile of keys (a primary key  
plus some number of subkeys) and a pile of user IDs.  Any of the user  
IDs can be used to locate the key as a whole.  Sometimes people set  
different preferences (essentially hints to the sender on how to  
encrypt data) on different user IDs, but the key that they encrypt to,  
and thus the key that you decrypt with, remains the same.


> Why would I want to create new 'subkeys?' Of what benefit to have,
> say 5 subkeys belonging to one (master)(private)(signing) key?


One reason is to have different keys for different purposes.  You can  
have one subkey for encryption, one subkey for signing, and leave your  
primary key for certification.  This lets you do tricks like keeping  
your primary key offline.  This is useful as the primary key is the  
most valuable key (since it can make more subkeys), so protecting it  
is a good idea.


> What do the letters to the right of the words usage mean?
> (S,C,A,E) I can only guess |S|ign, |E|ncrypt,


(S)ign: sign some data (like a file)
(C)ertify: sign a key (this is called certification)
(A)uthenticate: authenticate yourself to a computer (for example,
logging in)
(E)ncrypt: encrypt data

David
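
Added example, not part of the original thread and not GnuPG code: a short Python script that reads the pub/sub lines of the listing Felipe posted, expands the usage letters as explained above, and reports which everyday capabilities exist only on the primary key, so that using them requires the primary secret key to be at hand. The function names are hypothetical.

```python
import re

# Usage letters as David Shaw explains them in the thread.
USAGE = {"S": "sign", "C": "certify", "A": "authenticate", "E": "encrypt"}

# The pub/sub lines of the listing quoted in the thread (user ID line left out).
LISTING = """\
pub  1024D/48C1382F  created: 2000-08-19  expires: never   usage: SCA
sub  1024g/02B5A402  created: 2000-08-19  expires: never   usage: E
"""

# Matches e.g. "pub  1024D/48C1382F ... usage: SCA" (size, algorithm letter, key ID).
LINE = re.compile(r"^(pub|sub)\s+(\d+)(\w)/([0-9A-F]{8})\s.*?usage:\s*([SCAE]+)\s*$")


def parse_listing(text):
    """Return one dict per pub/sub line of a listing in the format shown above."""
    keys = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            kind, bits, algo, keyid, usage = m.groups()
            keys.append({"primary": kind == "pub", "bits": int(bits), "algo": algo,
                         "keyid": keyid, "usage": {USAGE[c] for c in usage}})
    return keys


def primary_only_capabilities(keys):
    """Day-to-day capabilities that no subkey provides, so using them needs the
    primary secret key to be present (hypothetical helper, not a gpg feature)."""
    primary = next(k for k in keys if k["primary"])
    on_subkeys = set().union(*(k["usage"] for k in keys if not k["primary"]))
    return [cap for cap in ("sign", "encrypt", "authenticate")
            if cap in primary["usage"] and cap not in on_subkeys]


if __name__ == "__main__":
    keys = parse_listing(LISTING)
    for k in keys:
        role = "primary" if k["primary"] else "subkey"
        print(f"{k['keyid']} ({role}): {', '.join(sorted(k['usage']))}")
    blockers = primary_only_capabilities(keys)
    if blockers:
        print("primary still needed for:", ", ".join(blockers))
    else:
        print("primary is needed only for certification; it can be kept offline")
```

For the key in the thread the script reports that signing and authentication still depend on the primary key, since its only subkey is flagged E.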




Re: trying to understand UID and subkeys

2009-03-05 Thread gerry_lowry (alliston ontario canada)
David Shaw wrote, in part:

> You can have one subkey for encryption, one subkey for signing, and
> leave your primary key for certification.
>
> This lets you do tricks like keeping your primary key offline.
>
> This is useful as the primary key is the most valuable key (since it can
> make more subkeys),

Question # 1:  does primary key here mean primary PUBLIC key?

Question # 2:  without the pass phrase, how can one make more subkeys?

Question # 3:  what determines that a key is a primary key?
  (is it because --gen-key was used instead of --edit-key?)

Question # 4:  by offline, do you mean not on a keyserver?
  (versus not on your local hard disk?)



Thank you.
Gerry (Lowry)



Re: trying to understand UID and subkeys

2009-03-05 Thread David Shaw
On Thu, Mar 05, 2009 at 12:14:24PM -0500, gerry_lowry (alliston ontario canada) wrote:
> David Shaw wrote, in part:
>
> You can have one subkey for encryption, one subkey for signing, and
> leave your primary key for certification.
>
> This lets you do tricks like keeping your primary key offline.
>
> This is useful as the primary key is the most valuable key (since it
> can make more subkeys),
>
> Question # 1:  does primary key here mean primary PUBLIC key?

No.  Primary secret key.  There is no risk in keeping a primary public
key online.  It's public already.

> Question # 2:  without the pass phrase, how can one make more subkeys?

You cannot.  To make more subkeys you need both the passphrase and the
primary secret key.

> Question # 3:  what determines that a key is a primary key?
>   (is it because --gen-key was used instead of --edit-key?)

Essentially, yes.  --gen-key always makes a primary key.  If you
accept the default, it also makes you a single subkey.  You can add
more subkeys to it later via --edit-key.

> Question # 4:  by offline, do you mean not on a keyserver?
>   (versus not on your local hard disk?)

By offline I mean not even on your local hard disk.  Offline, say, on
a USB flash disk, or a CD-R.

David



Re: trying to understand UID and subkeys

2009-03-05 Thread Joseph Oreste Bruni
 
On Thursday, March 05, 2009, at 10:14AM, gerry_lowry (alliston ontario canada) gerry.lo...@abilitybusinesscomputerservices.com wrote:
> David Shaw wrote, in part:
>
> You can have one subkey for encryption, one subkey for signing, and
> leave your primary key for certification.
>
> This lets you do tricks like keeping your primary key offline.
>
> This is useful as the primary key is the most valuable key (since it can
> make more subkeys),
>
> Question # 1:  does primary key here mean primary PUBLIC key?
>
> Question # 2:  without the pass phrase, how can one make more subkeys?
>
> Question # 3:  what determines that a key is a primary key?
>   (is it because --gen-key was used instead of --edit-key?)
>
> Question # 4:  by offline, do you mean not on a keyserver?
>   (versus not on your local hard disk?)



Hi Gerry,

When someone is referring to a key they are typically referring to a key 
pair -- both public and private. Your primary key and various subkeys are all 
keypairs.

Public keys are used for encryption and verifying digital signatures.

Private keys are used for decryption, creating digital signatures, and for 
signing other keys.

A subkey (keypair) that is flagged for encryption will have both public and 
private components. 

Joe

