[NOOB] Export subkey

2012-08-27 Thread Arthur Rance

Hello,
I'm a noob and I'm going to export a subkey :
$ gpg --list-keys
pub   2048R/12345678 2010-01-01
uid                  Arthur Rance arthur_ra...@noob.com
sub   2048R/90123456 2010-01-01
sub   2048R/78901234 2012-08-27
$ gpg --export --armor 78901234 > 78901234.txt
$ gpg --export --armor 12345678 > 12345678.txt
$ diff 78901234.txt 12345678.txt
Why is there no difference between the subkey and my public key ?

Maybe I misunderstood something...
  ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: [NOOB] Export subkey

2012-08-27 Thread Ben McGinnes

On 28/08/12 1:17 AM, Arthur Rance wrote:
> Hello,
>
> I'm a noob and I'm going to export a subkey :
>
> $ gpg --list-keys
>
> pub   2048R/12345678 2010-01-01
> uid                  Arthur Rance arthur_ra...@noob.com
> sub   2048R/90123456 2010-01-01
> sub   2048R/78901234 2012-08-27
>
> $ gpg --export --armor 78901234 > 78901234.txt
>
> $ gpg --export --armor 12345678 > 12345678.txt
>
> $ diff 78901234.txt 12345678.txt
>
> Why is there no difference between the subkey and my public key ?

Because --export is for exporting your public key and GPG recognises
the IDs of the subkeys as belonging to 12345678.  The public key won't
change even if you delete your master key and only use the subkeys on
a day to day basis.


Regards,
Ben



Re: [NOOB] Export subkey

2012-08-27 Thread Nicholas Cole
On Monday, August 27, 2012, Arthur Rance wrote:

> Hello,
>
> I'm a noob and I'm going to export a subkey :
>
> $ gpg --list-keys
>
> pub   2048R/12345678 2010-01-01
> uid                  Arthur Rance arthur_ra...@noob.com
> sub   2048R/90123456 2010-01-01
> sub   2048R/78901234 2012-08-27
>
> $ gpg --export --armor 78901234 > 78901234.txt
>
> $ gpg --export --armor 12345678 > 12345678.txt
>
> $ diff 78901234.txt 12345678.txt
>
> Why is there no difference between the subkey and my public key ?
>
> Maybe I misunderstood something...


--export exports your whole public key.  It probably doesn't make sense to
only export a public subkey -- public keys are supposed to be public - and
various important bits of information are tied to the main key in any case.
Your user id, for example, is stored on the main key.

Secret subkeys are another matter, and if you look at the man page you will
see there is a facility to export them.  You would want it if, for example,
you wanted to keep the main key on one computer and put only the secret
subkey parts on another.

But if you are new to gpg and just using it as an individual, my strong
advice unless you have very particular needs is to ignore the subkey
elements and treat them as part of the technical inner workings of the
maths side of Gpg.  You almost certainly don't need to manipulate them for
now.

I don't say this to be condescending.  One of the great strengths of
OpenPGP and of gpg is that they provide a very flexible tool that can be
used in a huge number of situations.

Subkeys were introduced partly as a technical implementation detail: it is
bad security practice to use the same key for both signing and encrypting
(and with some algorithms impossible), so PGP needed a way to tie groups of
keys together and treat them as a single key.  They do, however, introduce
some benefits that can be useful in particular settings --- to occasionally
change encryption keys, for example.  The OpenPGP card can also be set up
to use only subkeys, which can be useful in preserving the web of trust if
a card is lost or damaged (though whether this is a good idea and worth the
complexity is going to vary from situation to situation).

I hope that helps.

Best wishes,

N
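
The behaviour discussed in this thread can be reproduced in a throwaway keyring. This is an added example, not part of any post above; it assumes GnuPG 2.1 or later, and the identity, key parameters, the `G` wrapper and the variable names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Works in a throwaway keyring; ~/.gnupg is never touched.
set -eu

# gpg wrapper: non-interactive, empty passphrase (test key only).
G() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

demo() {
    GNUPGHOME=$(mktemp -d) && export GNUPGHOME
    trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT

    uid='Test User <test@example.invalid>'    # constructed identity
    G --quick-generate-key "$uid" rsa2048 sign never
    fpr=$(G --with-colons --list-keys "$uid" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    G --quick-add-key "$fpr" rsa2048 encrypt never
    sub=$(G --with-colons --list-keys "$fpr" |
          awk -F: '$1 == "sub" { print $5; exit }')

    # The two exports from the thread: by primary key, then by subkey ID.
    G --armor --export "$fpr" > "$GNUPGHOME/primary.asc"
    G --armor --export "$sub" > "$GNUPGHOME/subkey.asc"
    if cmp -s "$GNUPGHOME/primary.asc" "$GNUPGHOME/subkey.asc"; then
        SAME=identical
    else
        SAME=different
    fi

    # The "subkey" export still carries the user ID and every subkey.
    packets=$(G --list-packets "$GNUPGHOME/subkey.asc")
    UIDS=$(printf '%s\n' "$packets" | grep -c '^:user ID packet' || true)
    SUBKEYS=$(printf '%s\n' "$packets" | grep -c '^:public sub key packet' || true)

    # Secret-subkey export: the primary secret key is replaced by a stub
    # that --list-packets reports as "gnu-dummy".
    STUBS=$(G --export-secret-subkeys "$fpr" | G --list-packets |
            grep -c 'gnu-dummy' || true)

    echo "exports: $SAME, user IDs: $UIDS, subkeys: $SUBKEYS, stubs: $STUBS"
}

if command -v gpg >/dev/null 2>&1; then
    demo
else
    echo "gpg not found; nothing to demonstrate" >&2
fi
```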