Bitcoin Forum
November 10, 2024, 03:01:08 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: PGP key or subkey? What about the expiration?  (Read 1081 times)
blisscan (OP)
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile WWW
September 07, 2013, 05:15:51 PM
 #1

Hi,

I have generated a PGP key. Now, if I want to use it for signatures and authentication, should I use the master key or a subkey? My understanding is that it is better a subkey, but I am not sure.

Another question: When I generated the key, I set an expiration date of 30 days. Is this okay? What is the common practice regarding the expiration?

Thanks
brom
Newbie
*
Offline Offline

Activity: 23
Merit: 0



View Profile WWW
September 07, 2013, 05:32:39 PM
 #2

It really depends on how often you wish to generate a new key.  For example, lets say you have 5 friends you wish to talk to; all of them would need a copy of your PGP public key (never give anyone your private key).  In this scenario, you may choose to not even have an expiration, to alleviate constant regeneration and resharing of keys.  The function of expiration, is to invalidate the keys after a certain duration of time; for most general usage, you may want the key valid for at least a year.  Also ensure you are using a 4096 RSA AES key; anything less is impractical.
blisscan (OP)
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile WWW
September 07, 2013, 06:32:21 PM
 #3

I checked some random addresses here:
http://bitcoin-otc.com/viewgpg.php

And no one seems to use subkeys or expiration dates ... I am afraid that I might have trouble when my key expires ...

I'll wait a bit to see if some expert can provide detailed information. Otherwise I'll just do what the others do.
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
September 08, 2013, 12:20:14 AM
 #4

By default, the master key is used for signing and verifying signatures, and a single subkey is used for encryption and decryption. Note that your software will manage this automatically, and you shouldn't be messing with subkeys unless you know what you're doing.

30 day expiration is extremely short. At least a year is more common, if an expiration date is set at all. In any case, just before your key expires, you will need to create a new key and sign it with the old key (the signature proving to anyone using your old key that the new key is a genuine replacement and not, say, a MITM attack).

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
blisscan (OP)
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile WWW
September 10, 2013, 08:51:51 PM
 #5

By default, the master key is used for signing and verifying signatures, and a single subkey is used for encryption and decryption. Note that your software will manage this automatically, and you shouldn't be messing with subkeys unless you know what you're doing.

30 day expiration is extremely short. At least a year is more common, if an expiration date is set at all. In any case, just before your key expires, you will need to create a new key and sign it with the old key (the signature proving to anyone using your old key that the new key is a genuine replacement and not, say, a MITM attack).

Thanks for your detailed information. I wanted a key to participate in bitcoin-otc, the web of trust and, in general, to sign my messages. Apparently I ended up with two different keys:
Code:
pub   4096R/3EAE300E 2013-09-07 [expires: 2013-10-07]
uid                  Bliss Can <blisscan@safe-mail.net>
sub   4096R/9985AEB1 2013-09-07 [expires: 2013-10-07]

I guess that the right thing to do is to use the subkey for day-to-day activities and keep the master key in a safe and use it only to generate subkeys. The thing is that the documentation that I could find
http://wiki.bitcoin-otc.com/wiki/GPG_authentication
does not mention anything about subkeys, and that is the origin of the confusion.
Foxpup
Legendary
*
Offline Offline

Activity: 4533
Merit: 3184


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
September 11, 2013, 02:06:06 AM
 #6

I guess that the right thing to do is to use the subkey for day-to-day activities and keep the master key in a safe and use it only to generate subkeys.
No, the master key and subkey(s) are part of the same key. Do not attempt to separate them and do not attempt to create additional subkeys unless you know what you're doing.

The thing is that the documentation that I could find
http://wiki.bitcoin-otc.com/wiki/GPG_authentication
does not mention anything about subkeys, and that is the origin of the confusion.
It doesn't mention them because they're handled automatically. There should be no confusion as you never need to deal with them.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
blisscan (OP)
Newbie
*
Offline Offline

Activity: 52
Merit: 0



View Profile WWW
September 11, 2013, 07:14:32 AM
 #7

Thanks again again for the explanation!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!