Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Key Management: Public/Subordinate key

Tags:

security

certificate

key

digital-signature

digital-certificate

I was looking at GnuPG manual (Manual) and came across below section at page 18:

chloe% gpg -edit-key [email protected]

Secret key is available.

pub 1024D/26B6AAE1 created: 1999-06-15 expires: never trust: -/u

sub 2048g/0CF8CB7A created: 1999-06-15 expires: never

sub 1792G/08224617 created: 1999-06-15 expires: 2002-06-14

sub 960D/B1F423E7 created: 1999-06-15 expires: 2002-06-14

(1) Chloe (Jester) <[email protected]>

(2) Chloe (Plebian) <[email protected]>

It says: The keyword pub identifies the public master signing key, and the keyword sub identifies a public subordinate key.

I am not understanding, what is subordinate key for? Any help?

like image 605
Vicky Avatar asked Feb 10 '11 15:02

Vicky

People also ask

What is DEK and KEK?

Data encryption key (DEK): is an encryption key whose function it is to encrypt and decrypt the data. Key encryption key (KEK): is an encryption key whose function it is to encrypt and decrypt the DEK.

How many types of key management are there?

There are two aspects for Key Management: Distribution of public keys. Use of public-key encryption to distribute secrets.

What is meant by key management?

Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.

What are the three phases of the cryptographic lifecycle?

- Pre-operational: The keying material is not yet available for normal cryptographic operations. Operational: The keying material is available and in normal use. - Post-operational: The keying material is no longer in normal use, but access to the material is possible.

1 Answers

Short version: keys are tagged and used for different types of functions. For example, the primary key must be a signing key. Subordinate keys allow for additional functions (ie encryption).

Long Version: From the GNUPG site:In a public-key system, each user has a pair of keys consisting of a private key and a public key.... GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.
...
GnuPG is able to create several different types of keypairs, but a primary key must be capable of making signatures. There are therefore only three options. Option 1 actually creates two keypairs. A DSA keypair is the primary keypair usable only for making signatures. An ElGamal subordinate keypair is also created for encryption
...
it is possible to later add additional subkeys for encryption and signing.

like image 79
xelco52 Avatar answered Sep 29 '22 11:09

xelco52
Sign in to Comment

Related questions

Sql injection can someone explain this code to me
How to check png file if it's a decompression bomb
Rails image and tracking protection
Is preventing open redirects attack in nodejs secure?
What is the benefit of blocking cookie for clicked link? (SameSite=strict)
Spring Security - whitelist IP range
How/why cygwin breaks windows permissions?
Where store password / login-path in MariaDB (equivalent for mysql-config-editor)?
How to secure store password in a JCL FTP?
How to deploy software builds from Azure DevOps to internal servers?
Are Intel's PTT and TPM equivalent
Potential legal issues with storing Social Security/Insurance Numbers (SSNs/SINs)? [closed]
Best way to authenticate users in a web application
Generating 128-bit keys with keytool
User.IsInRole returning false
How to protect an online judge against malicious code?
Make a connection to a HTTPS server from Java and ignore the validity of the security certificate
PHP htmlentities() on input before DB insert, instead of on output
Enforcing Facebook Authentication: Client-side and server-side
Is Transport Level Security Necessary When Using Message Level Security in WCF?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!