
First of all, is my understanding correct that primary keys and subkeys are all key pairs consisting of a private and a public key?

I get the rationale behind using primary keys and subkeys [1], and why one should keep the private primary key (or master key) "very, very safe", but I'm not sure what the consensus is on handling the public primary key. Is this the one that should be shared with others or uploaded to a key server [2]? (Sometimes this may be an explicit requirement.)


It was also confusing to see sentences such as "GnuPG actually uses a signing-only key as the master key", but I realized that this refers to the private primary key because (quoting from the same source):

You use the private key to digitally sign files, and others use the public key to verify the signature. Or, others use the public key to encrypt something, and you use the private key to decrypt it.


[1]:

[2]: Superuser thread: Where to upload PGP public key? Are KeyServers still surviving?

toraritte
  • The whole point of a Public Key is that it may be **Public**. – user10216038 May 26 '21 at 17:23
  • That's why I'm confused with some posts that I've read where it seems that **public primary** keys should be treated more securely than **public sub**keys. Or my reading comprehension skills are just poor, but confirmation never hurts. – toraritte May 26 '21 at 18:07

1 Answer


... is my understanding correct that primary keys and subkeys are all key pairs consisting of a private and a public key?

Absolutely. Sometimes, to keep it simple, we say "key", whereas actually we mean "key pair".

... handling the public primary key? Is this the one that should be shared with others or uploaded to a key server?

Correct. The public key of the master key pair is what proves that the signatures associated with this public key were made by you. That's why you make the public key of your master key pair available publicly.

How can one trust your subkeys? When you are using a subkey, you also provide a certification signature that shows that the particular subkey (namely, the public key of the subkey pair) is signed by your master key.

The idea behind this is the following: when one trusts your master key, then one trusts a subkey signed by this master key.

mentallurg
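The flow the answer describes, as an added example that is not part of the original question or answer: a certify-only primary key gets a signing subkey, only the public half is exported, and a recipient who imports nothing but that export verifies a signature made with the subkey. It assumes `gpg` (GnuPG 2.1 or later) and `gpgconf` are on PATH; the user ID, file names and temporary directories are made up for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes gpg >= 2.1 and
# gpgconf on PATH. User ID, file names and temp directories are made up.

# Build a certify-only primary key plus a signing subkey in a throwaway
# keyring, export ONLY the public half, and check what a recipient receives.
# Returns 0 when every check passes (or when gpg is not installed).
demo_subkey_binding() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping" >&2; return 0; }

    sender=$(mktemp -d); recipient=$(mktemp -d); work=$(mktemp -d)
    chmod 700 "$sender" "$recipient"
    uid='Demo Key <demo@example.invalid>'

    # 1. Primary key with usage "cert" only: it certifies user IDs and subkeys,
    #    it neither signs data nor decrypts. This is the "signing-only master
    #    key" the question quotes.
    GNUPGHOME="$sender" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" ed25519 cert never
    fpr=$(GNUPGHOME="$sender" gpg --list-keys --with-colons | awk -F: '/^fpr/ {print $10; exit}')

    # 2. Add a signing subkey. gpg signs the new subkey with the primary key,
    #    producing the subkey binding signature (signature class 0x18).
    GNUPGHOME="$sender" gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" ed25519 sign never

    # 3. Export the public key. --export never emits secret material: the
    #    armored blob holds the public primary key, the user ID, the public
    #    subkey, and the signatures tying them together.
    GNUPGHOME="$sender" gpg --armor --export "$fpr" > "$work/pub.asc"
    if GNUPGHOME="$sender" gpg --list-packets "$work/pub.asc" | grep -q 'secret key packet'; then
        echo "FAIL: secret material in export" >&2; return 1
    fi
    GNUPGHOME="$sender" gpg --list-packets "$work/pub.asc" | grep -q 'sigclass 0x18' \
        || { echo "FAIL: no subkey binding signature (sigclass 0x18) in export" >&2; return 1; }

    # 4. Sign a file. Only the subkey has the sign capability, so gpg uses it.
    echo 'hello' > "$work/msg.txt"
    GNUPGHOME="$sender" gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' \
        --detach-sign --output "$work/msg.sig" "$work/msg.txt"

    # 5. Recipient imports only pub.asc and verifies. The VALIDSIG status line
    #    names the subkey that made the signature and, as its last field, the
    #    primary key fingerprint that subkey is bound to.
    GNUPGHOME="$recipient" gpg --batch --quiet --import "$work/pub.asc"
    status=$(GNUPGHOME="$recipient" gpg --batch --status-fd 1 --verify "$work/msg.sig" "$work/msg.txt" 2>/dev/null)
    echo "$status" | grep -q '^\[GNUPG:\] GOODSIG' || { echo "FAIL: bad signature" >&2; return 1; }
    primary_from_sig=$(echo "$status" | awk '/^\[GNUPG:\] VALIDSIG/ {print $NF}')
    [ "$primary_from_sig" = "$fpr" ] \
        || { echo "FAIL: signature not chained to primary $fpr" >&2; return 1; }

    echo "subkey binding present; signature verified and chained to primary $fpr"
    for h in "$sender" "$recipient"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null; done
    rm -rf "$sender" "$recipient" "$work"
    return 0
}

demo_subkey_binding
```

The recipient never sees a secret key packet, and the trust decision is made once, on the primary fingerprint: `VALIDSIG` carries the subkey fingerprint that produced the signature together with the primary fingerprint it is bound to, which is exactly why publishing the public primary key is the normal and expected thing to do.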