OpenPGP Subkey Properties

Each OpenPGP key has a single master key, which is used only to sign. A subkey is used to encrypt and can sign as well. This way, if a subkey is compromised, you can revoke it without having to revoke your master key.

ID

This is the identifier of the subkey.

Type

Specifies the encryption algorithm used to generate the subkey. DSA keys can only sign, ElGamal keys are used to encrypt, and RSA keys are used to sign or to encrypt.

Created

Indicates the date the key was created.

Expires

Indicates the date the key can no longer be used.

Status

Indicates the status of the key.

Strength

Indicates the length in bits of the key. In general the longer the key, the more security it provides.

A long key is not enough to make up for the use of a weak passphrase.
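The properties above can also be read from GnuPG's colon-delimited listing (gpg --list-keys --with-colons). The following is an added example, not part of the original manual or of the application it describes; the sample listing and its key IDs are constructed, and the function name subkeys is hypothetical.

```python
from datetime import datetime, timezone

# Public-key algorithm numbers from the OpenPGP specification (RFC 4880).
ALGORITHMS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}
# Validity letters gpg prints in field 2 of a colon-format record.
STATUS = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}

# Constructed sample in the colon format; the key IDs are made up.
SAMPLE = """\
pub:u:3072:1:1111111111111111:1577836800:::u:::scESC:
sub:u:3072:1:2222222222222222:1577836800::::::e:
sub:e:2048:16:3333333333333333:1262304000:1293840000:::::e:
sub:r:1024:17:4444444444444444:1262304000::::::s:
"""

def _date(epoch):
    # Dates are seconds since the Unix epoch; an empty field means "not set".
    return datetime.fromtimestamp(int(epoch), timezone.utc).date() if epoch else None

def subkeys(listing, now=None):
    """Return one dict per 'sub' record with the properties listed above."""
    today = (now or datetime.now(timezone.utc)).date()
    rows = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        expires = _date(f[6])
        status = STATUS.get(f[1][:1], "good")
        # gpg marks expiry itself, but re-check in case the listing is old.
        if status == "good" and expires and expires <= today:
            status = "expired"
        rows.append({
            "id": f[4],
            "type": ALGORITHMS.get(f[3], "algorithm " + f[3]),
            "created": _date(f[5]),
            "expires": expires,  # None means "Never expires"
            "status": status,
            "strength": int(f[2]),
            "can_sign": "s" in f[11],
            "can_encrypt": "e" in f[11],
        })
    return rows

if __name__ == "__main__":
    for key in subkeys(SAMPLE):
        print(key)
```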

6.1. Adding a Subkey

To add a subkey to a key, from the Subkeys section click on the Add button.

After following the instructions above, you will be presented with a dialogue to fill in. The fields are detailed below.

Key Type

Specifies the encryption algorithm used to generate a subkey.

DSA

Use the Digital Signature Algorithm (DSA) to create the subkey. This subkey can sign only.

ElGamal

Use the ElGamal algorithm to create the subkey. This subkey can encrypt only.

RSA

Use the Rivest-Shamir-Adleman (RSA) algorithm to create the subkey. An RSA subkey can be used to sign or to encrypt, but to do both you have to create two different subkeys.

Key Length

Indicates the length in bits of the subkey. In general the longer the key, the more security it provides.

Expiration Date

Indicates the date the subkey can no longer be used.

6.2. Changing a Subkey Expiration Date

To change a subkey expiration date, select the subkey from the Subkeys section, then:

  • Click on the Expire button on the left,
  • From the date dialog choose the new expiration date or select Never expires for no expiration date.

6.3. Revoking a Subkey

To revoke a subkey, select the subkey from the Subkeys section, then:

  • Click on the Revoke button on the left,

  • Choose a reason for revoking the subkey:

    No Reason

    There isn't a specific reason to revoke the key.

    Compromised

    The key has been compromised.

    Superseded

    The key has been superseded by another one.

    Not Used

    The key is not used anymore.

  • Enter a description of why you are revoking the key,

  • Click on Revoke.

The effect of revoking a subkey is immediate.

6.4. Deleting a Subkey

To delete a subkey, select the subkey from the Subkeys section, then:

  • Click on the Delete button on the left.