I used gpg to create a key pair. I understand that a master key for signing only and a sub key for encryption only are generated. Following the Debian Wiki, I created a sub key for signing for better security, and buried my master secret key in the forest.
However, I am confused for what to publicize and how to tell people to verify with my sub key. First, I've uploaded my key to subkeys.pgp.net. But I see people publicize fingerprints on their websites, but should I do it for both of my two signing keys, and mark one of them as master and the other one sub key?
Best Answer
Share your full public key, which will include the public primary key, public subkeys, user IDs and certifications (and some further, special packets).
For getting your key certified (or advertising it for usage on your website), the only thing you need to exchange is your primary key's fingerprint. Signatures are issued on pairs of user IDs and primary keys, subkeys are not involved in the certification process at all.
When somebody wants to use your key and download it, his (mail) application will automatically select an encryption key (usually, the newest) - in your case, the subkey.
Primary keys are for key-management, including sharing it; subkeys are for "daily usage": signing, encryption, authentication.