I was looking at the GnuPG manual (Manual) and came across the section below on page 18:
chloe% gpg -edit-key [email protected]
Secret key is available.
pub 1024D/26B6AAE1 created: 1999-06-15 expires: never trust: -/u
sub 2048g/0CF8CB7A created: 1999-06-15 expires: never
sub 1792G/08224617 created: 1999-06-15 expires: 2002-06-14
sub 960D/B1F423E7 created: 1999-06-15 expires: 2002-06-14
(1) Chloe (Jester) <[email protected]>
(2) Chloe (Plebian) <[email protected]>
It says: The keyword pub identifies the public master signing key, and the keyword sub identifies a public subordinate key.
I am not understanding what a subordinate key is for. Any help?
Data encryption key (DEK): an encryption key whose function is to encrypt and decrypt the data.
Key encryption key (KEK): an encryption key whose function is to encrypt and decrypt the DEK.
There are two aspects of key management:
- Distribution of public keys.
- Use of public-key encryption to distribute secrets.
Key management refers to the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
- Pre-operational: The keying material is not yet available for normal cryptographic operations.
- Operational: The keying material is available and in normal use.
- Post-operational: The keying material is no longer in normal use, but access to the material is possible.
Short version: keys are tagged and used for different types of functions. For example, the primary key must be a signing key. Subordinate keys allow for additional functions (i.e. encryption).
Long version: From the GNUPG site: In a public-key system, each user has a pair of keys consisting of a private key and a public key.... GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.
...
GnuPG is able to create several different types of keypairs, but a primary key must be capable of making signatures. There are therefore only three options. Option 1 actually creates two keypairs. A DSA keypair is the primary keypair usable only for making signatures. An ElGamal subordinate keypair is also created for encryption.
...
it is possible to later add additional subkeys for encryption and signing.