
GPG Subkeys

OpenPGP supports subkeys, which are like normal keys except that they're bound to a master key pair. A subkey can be used for signing or for encryption. The really useful part of subkeys is that they can be revoked independently of the master keys, and also stored separately from them.

When using subkeys, you’ll only use the master keypair under the following circumstances:

- creating a new subkey
- changing the preferences on a UID
- revoking an existing UID or subkey
- signing a key or revoking an existing signature
- creating a new UID or marking an existing UID as primary
- changing the expiration date on a master key or any of its subkeys

The procedure for creating a GPG subkey is as follows:

1. Create a regular GPG keypair. By default GPG creates one signing subkey (your identity) and one encryption subkey.
2. Use gpg to add an additional signing subkey to your keypair. This new subkey is linked to the first signing key, so we now have three subkeys.
3. Store your master keypair in a safe place, for its loss will be catastrophic.
4. Use gpg to remove the original signing subkey, leaving only the new signing subkey and the encryption subkey.
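
A check worth running on the day-to-day keyring once the last step is done, as an added example that is not part of the original post: it reads `gpg --list-secret-keys --with-colons` output and confirms that the master secret is only a stub while a usable signing subkey and encryption subkey are still present. The function name `audit_keyring` and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `gpg --list-secret-keys --with-colons` output read on stdin.
# Colon-format fields used: 1 = record type, 2 = validity, 12 = capabilities,
# 15 = "#" when only a stub is stored (the secret key itself is not in this keyring).
audit_keyring() {
  awk -F: '
    $1 == "sec" { master = ($15 == "#") ? "offline" : "present" }
    # Count only subkeys that are not revoked/expired/invalid and whose secret is stored here.
    $1 == "ssb" && $2 !~ /[rei]/ && $15 != "#" {
      if ($12 ~ /s/) sign++
      if ($12 ~ /e/) enc++
    }
    END {
      printf "master=%s sign=%d encrypt=%d\n", master, sign, enc
      # Exit 0 only when the master is offline and both subkey roles are covered.
      exit !(master == "offline" && sign >= 1 && enc >= 1)
    }'
}

# Constructed sample listings (key IDs, dates and the UID are made up).
sample_before() {   # fresh keypair: master secret present, no separate signing subkey
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1459468800:1491004800::u:::scESC:::+:::23::0:
uid:u::::1459468800::0000000000000000000000000000000000000000::Demo User <demo@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1459468800:1491004800:::::e:::+:::23:
EOF
}
sample_after() {    # after the procedure: master is a stub, both subkeys remain
cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1459468800:1491004800::u:::scESC:::#:::23::0:
uid:u::::1459468800::0000000000000000000000000000000000000000::Demo User <demo@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1459468800:1491004800:::::e:::+:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1459472400:1491008400:::::s:::+:::23:
EOF
}

# Real use: gpg --list-secret-keys --with-colons | audit_keyring
sample_after | audit_keyring
```

A non-zero exit status means the keyring still holds the master secret or is missing a usable signing or encryption subkey.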

https://oguya.ch/posts/2016-04-01-gpg-subkeys/
