What is a subkey?

Though it is very important to keep your keys safe, it can become quite tedious to do so when you have many keys. Passwords and Keys provides a simple solution to key safety by using subkeys for signing and encryption.

Whenever you create a new public encryption key, a keypair is generated instead of a single key. This keypair consists of a main key, also called the master key and a subkey. A master key can be used to create additional subkeys that are then bound to it.

What does each key in a keypair do?

  • The master key is used for signing other keys, creating subkeys and revoking subkeys. Your master key must be kept very safe. Signatures of trust are also collected on your master key. If the master key is compromised, you have no choice but to revoke it and all the subkeys attached to it.

  • The default subkey is used for encryption and decryption of messages. Additional subkeys can be created for signing. Though it is important that your subkeys are kept safe, you can always revoke a subkey if it is compromised and create a new one with the original master key.