Each OpenPGP key has a single master key used to sign only. Subkeys are used to encrypt and to sign as well. In this way, if your sub key is compromised, you don't need to revoke your master key.
This is the identifier of the subkey.
Specifies the encryption algorithm used to generate a subkey. DSA keys can only sign, ElGamal keys are used to encrypt while RSA keys are used to sign or to encrypt.
Indicates the date the key was created.
Indicates the date the key can no longer be used.
Indicates the status of the key.
Indicates the length in bits of the key. In general the longer the key, the more security it provides.
A long key is not enough to make up for the use of a weak passphrase.
To add a subkey to a key, from the Subkeys section click on Add button.
After following the instructions above, you will be presented with a dialog to fill in. The fields are detailed below.
Specifies the encryption algorithm used to generate a subkey.
Use the Digital Signature Algorithm (DSA) to create the subkey. This subkey can sign only.
Use the ElGamal algorithm to create the subkey. This subkey can encrypt only.
Use the Rivest-Shamir Adleman (RSA) algorithm to create the subkey. This subkey can be used to sign or encrypt, but you have to create two different subkeys.
Indicates the length in bits of the subkey. In general the longer the key, the more security it provides.
Indicates the date the subkey can no longer be used.
To change a subkey expiration date, select the subkey from the Subkeys section, then:
To revoke a subkey, select the subkey from the Subkeys section, then:
Click on the Revoke button on the left,
Choose a reason why to revoke the subkey:
There isn't a specific reason to revoke the key.
The key has been compromised.
The key has been superseded by another one.
The key is not used anymore.
Enter a description of why you are revoking the key,
Click on Revoke.
The effect of revoking a subkey is immediate.