Key Management: Public/Subordinate key

I was looking at the GnuPG manual (Manual) and came across the section below on page 18:

chloe% gpg --edit-key [email protected]
Secret key is available.

pub 1024D/26B6AAE1 created: 1999-06-15 expires: never trust: -/u
sub 2048g/0CF8CB7A created: 1999-06-15 expires: never
sub 1792G/08224617 created: 1999-06-15 expires: 2002-06-14
sub 960D/B1F423E7 created: 1999-06-15 expires: 2002-06-14

(1) Chloe (Jester) <[email protected]>
(2) Chloe (Plebian) <[email protected]>

It says: The keyword pub identifies the public master signing key, and the keyword sub identifies a public subordinate key.

I don't understand: what is a subordinate key for? Any help?

Vicky asked Feb 10 '11 15:02




1 Answer

Short version: keys are tagged and used for different types of functions. For example, the primary key must be a signing key. Subordinate keys allow for additional functions (i.e. encryption).

Long version: From the GnuPG site: In a public-key system, each user has a pair of keys consisting of a private key and a public key.... GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.
...
GnuPG is able to create several different types of keypairs, but a primary key must be capable of making signatures. There are therefore only three options. Option 1 actually creates two keypairs. A DSA keypair is the primary keypair usable only for making signatures. An ElGamal subordinate keypair is also created for encryption
...
it is possible to later add additional subkeys for encryption and signing.

xelco52 answered Sep 29 '22 11:09
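To make the "tagged for different functions" point concrete, here is an added example (not from the question, the answer, or GnuPG itself) that parses the machine-readable listing `gpg --list-keys --with-colons` prints and reports which key in the bundle serves which purpose. The sample listing is constructed to mirror Chloe's key from the manual: the 16-digit key IDs are the manual's short IDs zero-padded as placeholders, and dates are written as YYYY-MM-DD for readability (gpg 2.x prints seconds since the epoch).

```python
# Added example: inspect pub/sub records from `gpg --list-keys --with-colons`.
# Field layout (from GnuPG's doc/DETAILS): 1 record type, 3 key length,
# 4 algorithm number, 5 key ID, 6 created, 7 expires, 12 capabilities
# (lowercase = this key's own capabilities, uppercase = whole bundle).
from dataclasses import dataclass

ALGO = {1: "RSA", 16: "ElGamal (encrypt only)", 17: "DSA", 18: "ECDH",
        19: "ECDSA", 20: "ElGamal (sign+encrypt, legacy)", 22: "EdDSA"}

# Constructed sample mirroring the manual's key; IDs are placeholders.
SAMPLE = """\
pub:u:1024:17:0000000026B6AAE1:1999-06-15:::u:::scESC:
uid:u::::1999-06-15::0000000000000000::Chloe (Jester) <chloe@example.invalid>:
sub:u:2048:16:000000000CF8CB7A:1999-06-15::::::e:
sub:u:1792:20:0000000008224617:1999-06-15:2002-06-14:::::es:
sub:u:960:17:00000000B1F423E7:1999-06-15:2002-06-14:::::s:
"""

@dataclass
class KeyRecord:
    role: str      # "pub" = primary (master) key, "sub" = subordinate key
    bits: int
    algo: str
    keyid: str
    expires: str   # "" when the key never expires
    caps: str      # this key's own capabilities: s=sign c=certify e=encrypt a=auth

def parse_listing(text):
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub"):
            continue  # uid/fpr records carry no capability flags
        own = "".join(c for c in f[11] if c.islower())
        keys.append(KeyRecord(f[0], int(f[2]), ALGO.get(int(f[3]), "algo " + f[3]),
                              f[4], f[6], own))
    return keys

def roles(keys, today):
    """Which key does what (simplified: first unexpired subkey in listing order).
    The primary must be able to sign/certify; signing and encryption fall to an
    unexpired subkey when one exists, otherwise signing falls back to the primary."""
    primary = next(k for k in keys if k.role == "pub")
    if not {"s", "c"} & set(primary.caps):
        raise ValueError("primary key cannot make signatures")
    live = [k for k in keys if k.role == "sub" and (not k.expires or k.expires > today)]
    enc = next((k for k in live if "e" in k.caps), None)
    sign = next((k for k in live if "s" in k.caps), primary)
    return {"certify": primary.keyid, "sign": sign.keyid,
            "encrypt": enc.keyid if enc else None}
```

Run `roles(parse_listing(SAMPLE), "2003-01-01")` to see the two 2002-expiring subkeys drop out: encryption stays on the ElGamal subkey, while signing falls back to the DSA primary.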