PGP subkey.

A secondary key attached to a primary OpenPGP key. The primary is the identity — it certifies User IDs and binds the subkeys to itself. The subkeys do the day-to-day work: one for signing messages, one for encryption. Separating these roles lets you rotate the working keys without losing the identity.

// definition

A subkey is a cryptographic key bound to a primary OpenPGP key via a signature from the primary. Modern OpenPGP keys have a primary used for certification plus subkeys for the actual operations: an encryption subkey is practically always separate, and a separate signing subkey is common (GnuPG's default leaves signing on the primary; keys whose primary is kept offline move it to a subkey too).

What it is.

OpenPGP separates identity from operation. The primary key is your long-term identity: its fingerprint is what you publish, and it signs ("certifies") your User IDs and any subkeys attached to it. The primary's secret key does not need to be on the machine that signs or decrypts. Once it has certified the subkeys, the subkeys do the work, so the primary can stay offline (on removable media or a smartcard, say) and come out only to certify, add, extend or revoke subkeys.

A signing subkey creates signatures on messages, files, and other content. An encryption subkey is the key that others encrypt to. Both are bound to the primary by a binding signature from the primary key, which states "I, the primary key holder, authorize this subkey to act on my behalf." For a signing subkey the binding additionally embeds a signature made by the subkey over the primary (the back-signature of RFC 4880 section 5.2.1); without it, anyone could attach your public signing subkey to their own primary and claim authorship of your signatures, which is why GnuPG requires this cross-certification by default.

A key can have multiple subkeys of each type, and each subkey carries its own expiration date, independent of the primary's. Old subkeys can be revoked, or simply left to expire, and replaced without changing the primary key's identity. Correspondents see the replacement only after they refresh your public key (from a keyserver, WKD, or a file you send them), so a retired encryption subkey keeps receiving mail from anyone who has not picked up the newer one.

Why this structure exists.

Three practical reasons:

For everyday users this is mostly transparent — your tool generates a primary + subkeys structure by default and you don't think about it. For high-value identities (release signers, security-team accounts), the separation is the entire point.

// gpg --list-keys output
pub   ed25519 2024-03-15 [SC]      ← primary key, [S]ign [C]ertify
      AAAA BBBB CCCC DDDD EEEE FFFF 1111 2222 3333 4444
uid           [ultimate] You <you@example.com>
sub   cv25519 2024-03-15 [E]       ← encryption subkey
sub   ed25519 2024-03-15 [S]       ← signing subkey

The capability letters are the part to read. This primary is [SC], so it can still sign on its own; the [S] subkey exists, but nothing stops the primary from signing, so it cannot be kept fully offline. For a primary you intend to keep offline, generate it certify-only (it then shows as [C]; with GnuPG, the `cert` usage of `gpg --quick-generate-key`), add the [S] and [E] subkeys afterwards, and copy only the subkey secrets to the working machine (`gpg --export-secret-subkeys`).
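The listing above is the human-readable form; a script should read the `--with-colons` form instead. What follows is an added example, not PGPony code and not part of the original page: a Python parser for that listing that recovers the primary fingerprint, User IDs and each subkey's capability letters and expiry, plus an audit that flags the things a release-signing key should not have (a primary that can sign or encrypt, a missing signing or encryption subkey, a subkey with several roles, a subkey with no expiry or a past one). The two listings are constructed to mirror GnuPG's field layout as documented in its doc/DETAILS file; the key IDs, fingerprints and dates in them are made up, and the audit rules are this example's own policy rather than anything OpenPGP mandates.

```python
"""Parse `gpg --with-colons --list-keys` output and audit the subkey layout.

Field numbering follows GnuPG's doc/DETAILS (1-based there, 0-based here):
field 1 record type, 4 algorithm number, 5 key ID, 6 creation time, 7 expiry
time (seconds since the epoch, empty = never), 10 user ID or fingerprint,
12 capabilities. In field 12, lowercase letters are the capabilities of that
packet itself (c certify, s sign, e encrypt, a authenticate); uppercase
letters summarise what the whole key, primary plus subkeys, can do.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Public-key algorithm numbers from RFC 4880 section 9.1 and RFC 6637 (subset).
ALGO_NAMES = {"1": "rsa", "17": "dsa", "18": "ecdh", "19": "ecdsa", "22": "eddsa"}

# Reference time for the expiry check (2024-07-03 UTC), fixed so runs are reproducible.
NOW = 1720000000

# Constructed listings in GnuPG's colon format; key IDs, fingerprints and dates are made up.
# Hardened layout: certify-only primary, one signing and one encryption subkey, both expiring.
HARDENED_LISTING = """\
pub:u:255:22:1234567890ABCDEF:1710460800:::u:::cESC:::::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1710460800::1F2E3D4C::You <you@example.com>::::::::::0:
sub:u:255:22:2345678901ABCDEF:1710460800:1741996800:::::s:::::ed25519::
fpr:::::::::BBBBCCCCDDDDEEEEFFFF11112222333344445555:
sub:u:255:18:3456789012ABCDEF:1710460800:1741996800:::::e:::::cv25519::
fpr:::::::::CCCCDDDDEEEEFFFF111122223333444455556666:
"""
# GnuPG's default layout: primary signs and certifies, one encryption subkey, no expiry.
DEFAULT_LISTING = """\
pub:u:255:22:1234567890ABCDEF:1710460800:::u:::scESC:::::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1710460800::1F2E3D4C::You <you@example.com>::::::::::0:
sub:u:255:18:3456789012ABCDEF:1710460800::::::e:::::cv25519::
fpr:::::::::CCCCDDDDEEEEFFFF111122223333444455556666:
"""


@dataclass
class KeyPacket:
    kind: str                 # "pub" for the primary, "sub" for a subkey
    keyid: str
    algo: str
    caps: str                 # this packet's own lowercase capability letters
    created: int
    expires: Optional[int]    # None means the packet never expires
    fingerprint: str = ""


@dataclass
class OpenPGPKey:
    primary: KeyPacket
    uids: List[str] = field(default_factory=list)
    subkeys: List[KeyPacket] = field(default_factory=list)


def _fld(fields, index):
    return fields[index] if index < len(fields) else ""


def parse_colons(listing):
    """Parse a single key's --with-colons listing into an OpenPGPKey."""
    key = None
    last = None  # the pub/sub packet that the next fpr record describes
    for line in listing.splitlines():
        f = line.split(":")
        rtype = f[0]
        if rtype in ("pub", "sub"):
            pkt = KeyPacket(
                kind=rtype,
                keyid=_fld(f, 4),
                algo=ALGO_NAMES.get(_fld(f, 3), "algo" + _fld(f, 3)),
                caps="".join(c for c in _fld(f, 11) if c.islower()),
                created=int(_fld(f, 5) or 0),
                expires=int(_fld(f, 6)) if _fld(f, 6) else None,
            )
            if rtype == "pub":
                key = OpenPGPKey(primary=pkt)
            elif key is not None:
                key.subkeys.append(pkt)
            last = pkt
        elif rtype == "fpr" and last is not None:
            last.fingerprint = _fld(f, 9)
        elif rtype == "uid" and key is not None:
            key.uids.append(_fld(f, 9))
    if key is None:
        raise ValueError("listing contains no pub record")
    return key


def audit_layout(key, now):
    """Return layout problems; an empty list means certify-only primary plus
    one-role-per-subkey structure with every subkey still valid at `now`."""
    findings = []
    p = key.primary
    if "c" not in p.caps:
        findings.append("primary %s cannot certify" % p.keyid)
    if "s" in p.caps or "e" in p.caps:
        findings.append("primary %s has working capabilities %r; make it "
                        "certify-only so it can stay offline" % (p.keyid, p.caps))
    roles = {c for s in key.subkeys for c in s.caps}
    for needed, name in (("s", "signing"), ("e", "encryption")):
        if needed not in roles:
            findings.append("no %s subkey" % name)
    for s in key.subkeys:
        if len(s.caps) != 1:
            findings.append("subkey %s combines roles %r" % (s.keyid, s.caps))
        if s.expires is None:
            findings.append("subkey %s has no expiration" % s.keyid)
        elif s.expires <= now:
            findings.append("subkey %s expired" % s.keyid)
    return findings


if __name__ == "__main__":
    for label, listing in (("hardened", HARDENED_LISTING), ("default", DEFAULT_LISTING)):
        print(label, audit_layout(parse_colons(listing), NOW) or "ok")
```

Run against a real key with `gpg --with-colons --list-keys <fingerprint> | python3 audit.py`-style plumbing (replace the constructed constants with `sys.stdin.read()`). The hardened listing produces no findings; the default one reports the primary's `sc` capabilities, the missing signing subkey and the encryption subkey's missing expiry.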
// in PGPony
Key generation in PGPony produces the standard structure: a primary key with attached signing and encryption subkeys. The key detail view shows the primary fingerprint and lists the subkeys with their capabilities (sign, encrypt, certify) and expiration dates.
