I'm coming from using plain old RSA with OpenSSL for all my asymmetric encryption needs, which I learned fairly well, but I'm having a bit of a hard time wrapping my head around the OpenPGP protocol.
Therefor, this is going to be a few questions.
In my Debian box, using GnuPG, upon creation of a master key in the current keychain, I noticed the default creation of a subkey. I learned, after a bit of reading, that GnuPG manages keys this way automatically; the master key used strictly for signing and the subkey used strictly for encryption.
This led me to believe it that they just had different names for a private and public key: The master key (like the private key) was used to sign data that only the subkey (the public key) could decrypt, but the subkey (the public key) could only encrypt data, which could then only be decrypted by the master key (the private key). Am I correct in this assumption, or are they 2 separate key-pairs altogether?
If they are two separate key-pairs, what mathematically binds the subkey to the master key?
Is it just GnuPG that uses this method, where a subkey is created automatically for encryption, or is this mandated by the OpenPGP protocol?
When I upload a key to a keyserver, which key is uploaded, my master key or the subkey? Or both?
When I use the --export function, which OpenPGP key is exported when I specify my UID?
Best Answer
About Primary Keys and Subkeys
You haven't got the concepts of public/private key (also called assymetric) cryptography quite right. Each set of public and private keys is split, you publish the public key so others can use it and keep the private key private. Signatures issued by the private key can be verified through the public key, messsages encrypted using the public key can be decrypted with the private key. There is no immediate relationship between primary key and subkey pairs in OpenPGP, these are completely different key pairs.
The default setup in GnuPG is you have a primary key pair used for certification and signatures, while the encryption subkey is used for encryption only. Using RSA, you could also generate primary keys supporting all those operations (and with GnuPG and the
--expertflag, you can!). This is mostly because of other algorithms like DSA and Elgamal, which only support one of the operations (DSA is for signing only, Elgamal for encryption) where you need to have different keys.There is also some advantage in having different keys for different usages: consider a flaw is found that allows to calculate a private key from signatures under certain conditions. While your signing key would be targeted, the encryption subkey is another one and not targeted by this attack. Some people even consider restricting the primary key to certification only and adding two subkey pairs is best practice, one for signing, one for encryption.
Binding Signatures
In OpenPGP, a special kind of binding signature is issued when a subkey is created. Subkeys capable of signing can also issue such a binding signature on the primary key. Those special signature are defined in RFC 4880, OpenPGP, 5.2.1. Signature Types:
Addressing Subkeys in GnuPG
Usually, in GnuPG key IDs and UIDs are always resolved to the primary key. All export operations (and uploading to a keyserver is also considered an export) also export the subkeys, user IDs and certifications on your key. Similar things exist for other operations like signing and encrypting. If you really want to denote a subkey for operations, you have to add
!behind the subkey (eg.gpg --recipient 0xDEADBEEF! --encrypt).