Questions I would like to find in a sub-keys FAQ. I miss the answers.

Jose Simoes wrote:
> (a) sub-keys are created in pars (private+public) or just one key at
> a time.

Pairs.

> (b) can any sub-key be used to encrypt AND to sign documents?

What do you mean by 'any'? English is unfortunately ambiguous here.

If you mean "do there exist subkey types that can encrypt and sign
documents", yes, RSA subkeys can do this. However, this behavior is not
recommended.

If you mean "can all subkeys, regardless of type, be used to encrypt and
sign documents", then no. Some algorithms are sign-only (DSA). Even
RSA subkeys can be marked as "encrypt-only", "sign-only", and/or
"certify-only". Most of the time RSA subkeys are marked as
"encrypt-only" or "sign and certify only".

> (c) Can sub-keys share the same password / phrase with the main key
> and other sub-keys ?

They always do.

>; (d) If I have a valid (main) public + private encrypted key +
> appropriate password can I generate any number of sub-keys with any
> time limit and anytime I want?

There's going to be _some_ limit, but it's very unlikely to be one
you'll reach in practice. You'll find your correspondents asking you
";why, man, _why_ do you have 4,000 subkeys?!" long before you reach the
subkey limit.

> (e) Someone with 2 different of my (public?) sub-keys and its
> fingerprints has a good change of find out the are sub-keys of the
> same key?

Subkeys only exist in connection with the main key. So yes, this is
pretty much guaranteed.

> (f) Can I use a expired sub-key (knowing the encrypted sub-key and
> the password) to decrypt or check the signature of a document -
> probably encrypted or signed long ago when when the key was valid ?

Yes. You'll get a warning message, but it will still decrypt and/or
verify. You just can't use an expired subkey to encrypt and/or sign a
message, not without a certain amount of work and tweaking.

> (g) If some one signs my main key is it necessary to signed any sub-
> key (more: and if the sub-key was created after the signature?) .

Other people sign your user identities, not your subkeys. Thus, this
question really can't be answered, since it's predicated on a
misunderstanding of key signatures.

> (h) Can I create a revocation certificate for a sub-key if I lost
> the sub-key (but still have everything about the main key).

Unknown, but I believe so.

Hope this helps!

Messages in this topic (2) Reply (via web post) | Start a new topic

.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

In reply to Robert J. Hansen's message sent 2006-10-24 09:35:

> Jose Simoes wrote:

>> (h) Can I create a revocation certificate for a sub-key if I lost
>> the sub-key (but still have everything about the main key).
>;
> Unknown, but I believe so.

I'm with you, here. I think that as long as you can get your hands on
the public part, it may be possible. I've never had to do this, nor
tried it for fun

- --
List Moderator, PGP Encryption Help Team

Mike Daigle http://www.mikedaigle.ca
My PGP Key Send email with subject=pgpkey-request
Gossamer Spider Web of Trust http://www.gswot.org

-----BEGIN PGP SIGNATURE-----
Comment: GSWoT:CA1 Gossamer Spider Web of Trust www.gswot.org
Comment: Mike Daigle Ontario, Canada www.mikedaigle.ca

iEYEAREDAAYFAkU+GYAACgkQTvHh4CsVTmInKwCgh/AEBbxL+uufV6G8UITFJoLp
Qo8An23;RFsdBfPu4DRy9owtj4lodAnik
=VgIh
-----END PGP SIGNATURE-----

Messages in this topic (4) Reply (via web post) | Start a new topic

.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
> Jose Simoes wrote:
>> (h) Can I create a revocation certificate for a sub-key if I lost
>> the sub-key (but still have everything about the main key).
>;
> Unknown, but I believe so.
>
> Hope this helps!
>

How could one lose a sub-key but still have everything about the main key?

- --
Jeffrey R. Allen
OpenPGP Key ID: 0x5114AEA7
http://tinyurl.com/h6kxf

"There is no fate that cannot be surmounted by scorn."
- - Albert Camus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBRT4uxGjmIBFRFK6nAQK3wwgAkD3Ny2t0tdQpgaVh6O1JlSCrP8RzdVgR
6JW3hQWFkh8QeWPdozgpTOFltbAMfLN285bfS0l4jvba/0wkWN9huwkgzcxvyteS
EoQ/GqyZwINw4MvARGI8oT1lekstmbrWpU+qwvFJ1MXLoPWXEOWaWEDTJx70/pCf
mX9feszRRnfbNyazHM8vgZUEW2Gq/ime4TTUGjdI22CedBp2RA1hixTK4lhuGGUl
h5VZWVtafzX3VgsGT5zXYxbRGFrGforvtHpDFOCMN8dSCbQpe3YvKvyG18L+pNav
o+eOMYWznNYNJWu69Kdqi4xxOer00Cgxl5htXC/t4DtvON50DSuDMA==
=2jI+
-----END PGP SIGNATURE-----

Messages in this topic (6) Reply (via web post) | Start a new topic

.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jeff Allen wrote:
> How could one lose a sub-key but still have everything about the main key?

Old joke:

1. Ask someone to remove a bill from their wallet.
2. Have them add up all the digits in the serial number.
3. Multiply by the denomination of the bill.
4. Divide by the next higher denomination (don't forget the $2 bill!).
Remainders may be discarded.
5. Recite the least significant bit of the result (either 1 or 0).

If you can do all of this without once asking why, congratulations: you
have a great future ahead of you in computer programming!

... Less metaphorically, how should I know? I just answered the
question. I didn't ask it.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQEcBAEBCgAGBQJFPlHZAAoJELcA9IL+r4EJR/sH/jp6Yt2utmKF5vb/j+mnKfDj
h/8SzoTZRvtvCI5IZIaPxIY9iUM3LYY3lYDQT5XrJpWyAx2kn3fEVoWn7bfgX9Li
j9ygVP6VzYaTF/GWzO1Q6qBfuyEw2YMUPs7wmf71ZyjX4RLK7G1NWhsr51YxrrWA
gMlmchBuNeO9HpXY5EE3;PPf9dTqGjk8n7k1/l/0ZR/JPcc+;puBuIKbzRNtzt459Z
35v59IAXR621uwrddOvtdanB0K6ecGUv+BT0MUBtQq2sGUJW74Z5w2wu67tvy8wm
soIz+X3IX9g/PUfNWIycrefy9E7v216vfMF7qtwbNaKvjjV20CQkA8+/GUDENeE=
=5Tho
-----END PGP SIGNATURE-----

Messages in this topic (8) Reply (via web post) | Start a new topic

.