Using subkeys
Subkeys are independent key pairs associated with the primary key. There are differences between Sequoia PGP and other OpenPGP implementations in how keys are structured by default when they are generated. sq generates a primary key for certification and separate subkeys for authentication, signing, and encryption, and it's possible to generate more subkeys if needed. For more technical information, see chapter Keys and certificates.
The primary key should be the most protected one and therefore should be stored offline where no one can have access to it.
For this reason, the best practice is not to publish the primary certificate. Instead, it makes sense to only publish certificates created from subkeys, to avoid other people using the certificate of the primary key. Again, this is not a security consideration, but if people use the primary certificate, it will become difficult to keep the primary key offline.
In this scenario, subkeys are the ones to use for frequent work; it's enough to publish the certificates of the respective subkeys. It makes sense to rotate them more often by revoking them faster and letting them expire earlier than the primary key. The primary key can be used to revoke a subkey if necessary.
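The layout described above (a certification-only primary key, separate signing, encryption and authentication subkeys, and subkeys that expire before the primary key) can be checked mechanically. The following is an added example, not part of the Sequoia documentation: it assumes the certificate has been listed in GnuPG's `--with-colons` format rather than with sq, and the sample listing and key IDs are constructed.

```python
# Added example: audit a key layout from a colon-format listing.
# Assumption: input is `gpg --list-keys --with-colons` output; the sample is constructed.
from typing import NamedTuple, Optional

class Key(NamedTuple):
    kind: str               # "pub" (primary) or "sub" (subkey)
    keyid: str
    expires: Optional[int]  # epoch seconds, None = never expires
    caps: frozenset         # the key's own capabilities, from field 12

def parse_listing(text: str) -> list:
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        expires = int(f[6]) if f[6].isdigit() else None
        # Lowercase letters are this key's own flags; uppercase ones on the
        # pub record summarise the whole certificate and are ignored here.
        caps = frozenset(c for c in f[11] if c in "esca")
        keys.append(Key(f[0], f[4], expires, caps))
    return keys

def audit(keys: list) -> list:
    findings = []
    primary = next(k for k in keys if k.kind == "pub")
    subs = [k for k in keys if k.kind == "sub"]
    if primary.caps != {"c"}:
        findings.append(f"primary {primary.keyid} is not certification-only")
    for cap, name in (("s", "signing"), ("e", "encryption"), ("a", "authentication")):
        if not any(cap in k.caps for k in subs):
            findings.append(f"no {name} subkey")
    for k in subs:
        if k.expires is None:
            findings.append(f"subkey {k.keyid} never expires")
        elif primary.expires is not None and k.expires >= primary.expires:
            findings.append(f"subkey {k.keyid} does not expire before the primary key")
    return findings

SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:1800000000::u:::cESCA:
sub:u:255:22:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::s:
sub:u:255:18:CCCCCCCCCCCCCCCC:1700000000:1800000000:::::e:
sub:u:255:22:DDDDDDDDDDDDDDDD:1700000000::::::a:
"""

if __name__ == "__main__":
    for finding in audit(parse_listing(SAMPLE)):
        print(finding)
```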
To prevent losing data if an encryption subkey is lost, it's vital to keep a backup of it in a safe place.
In the case of a signing key, a backup is not as important, and may even be inadvisable. This is simply to minimize the risk of key theft by avoiding storing it in two different places. If the key is lost, functionality will not be limited: signatures made previously with that key will still remain valid, and for future signatures you can generate a new subkey using the primary key.
As an aside, in some countries, key disclosure laws may create even more of a need to separate the keys for encryption and signing. For example, in the UK and in France it can be construed as a crime not to decrypt and/or provide a decryption key to law enforcement agencies if required, even without a court order. In these cases, the rest of the key material should remain safe; using separate subkeys for each function maximizes that protection.