Ok, so I've generated my PGP keys using GnuPG and sent the key to the keyservers.
But then I found that GnuPG generates a pair of keys, one main and one subkey as I understand it.
Did I make an error by uploading my main key to the keyserver using the id (some letters/numbers) of the main key?
I am a bit lost in what subkeys do and how to use them.
Thanks
Subkeys make key management easier. You can keep your identity tied to your master key that you keep locked away in a vault at the bottom of a dungeon that has guard dogs and armed guards. Use subkeys that expire for day-to-day things such as encrypting files, digitally signing emails or code.
All GPG keys are stored in the "keyring", which is at ~/.gnupg or %AppData%/gnupg. Running gpg --version will show the path being used.
It works by using a public-key cipher to share a key for the symmetric cipher. The actual message being sent is then encrypted using the key and sent to the recipient. Since symmetric key sharing is secure, the symmetric key used is different for each message sent. Hence it is sometimes called a session key.
Generally, it is recommended to use subkeys instead of the primary key for daily use (signing and encrypting mails and files, ...). The primary key is usually only used to manage your subkeys and certify other people's keys. The advantage is that you can easily revoke and exchange your subkeys without your reputation in the OpenPGP web of trust getting lost (all incoming certifications point to the user IDs, which are connected to the primary key, not the subkeys).
For this reason, whenever you export/share a subkey (without any special options set), the primary key is included; if not, both incoming certifications and the connection to your user IDs (i.e. mail addresses) would be missing.
On the other hand, if you export your primary key using gpg --export [keyid] or upload it using gpg --send-key [keyid], by default subkeys, user IDs and incoming certifications are also included.
You can easily verify that the primary key is included by running gpg --list-packets [filename], which will print a (possibly very long) list of all OpenPGP packets contained in the file, i.e. primary and subkeys, but also user IDs and incoming certifications.
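As an added illustration (not code from the thread), a small Python reader for OpenPGP packet headers (RFC 4880 section 4.2) that reports the same kind of packet list that the gpg --list-packets check above prints and tells you whether a primary key packet is present. The export bytes are constructed dummies, not real key material, and the old-format user ID header is there only so both header forms are exercised.

```python
PACKET_NAMES = {2: "signature", 5: "secret key", 6: "public key",
                7: "secret subkey", 13: "user ID", 14: "public subkey"}

def parse_packets(data: bytes):
    """Yield (tag, body) for every packet in a binary (non-armored) export."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos}")
        if ctb & 0x40:  # new-format header (RFC 4880, 4.2.2)
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, pos = first, pos + 2
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 5..2, length size in bits 1..0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            length = int.from_bytes(data[pos + 1:pos + 1 + (1 << ltype)], "big")
            pos += 1 + (1 << ltype)
        yield tag, data[pos:pos + length]
        pos += length

def list_packets(data: bytes) -> list:
    """Packet names in file order, the summary gpg --list-packets gives you."""
    return [PACKET_NAMES.get(t, f"tag {t}") for t, _ in parse_packets(data)]

def has_primary_key(data: bytes) -> bool:
    """True if a primary (public or secret) key packet is present."""
    return any(t in (5, 6) for t, _ in parse_packets(data))

def _packet(tag: int, body: bytes) -> bytes:
    # Encode a new-format packet with a 1- or 2-octet length (test data only).
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    return bytes([0xC0 | tag, 192 + ((n - 192) >> 8), (n - 192) & 0xFF]) + body

# Constructed stand-in for a `gpg --export` file; bodies are zero-filled dummies.
SAMPLE_EXPORT = (_packet(6, b"\x04" + bytes(270))                  # primary public key
                 + bytes([0x80 | (13 << 2), 25]) + b"Alice <alice@example.org>"  # user ID
                 + _packet(2, b"\x04\x13" + bytes(60))             # self-certification
                 + _packet(14, b"\x04" + bytes(270))               # encryption subkey
                 + _packet(2, b"\x04\x18" + bytes(60)))            # subkey binding signature
```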