Create a key without subkey?

Alphax alphasigmax at
Sun Oct 1 17:00:59 CEST 2006

Eike Herzbach wrote:
> Hi,
> How do I generate an encryption key with gnupg? I tried some options
> but it always generates me a sign-only key with an encryption subkey.
> I need to receive encrypted financial data from a system that uses
> PGP5. When I send in my key to that system it outputs me the
> following:
> ----[PGP Ausgabeprotokoll]----
> Adding keys:
> Key ring: 'eike at'
> Type Bits KeyID      Created    Expires    Algorithm       Use
> pub  1024 0xAF7B19C4 2006-09-25 ---------- DSS             Sign only
> sub  2048 0x508FA9D7 2006-09-25 ---------- Diffie-Hellman
> uid  Eike Herzbach <eike at>
> Later when the system tries to send me an encrypted message it fails
> and says that it can't encrypt with a Sign-only key. (I guess it is
> not able to use the subkey and only sees the 'outer' key)
> Is there a way to fix this in GnuPG? Or do I have to get PGP5 to
> generate such a key?

Questions, questions...

What version of GPG are you using?

What options did you try?

What do you want this key to be able to do?

What does GPG tell you about the key?

You probably want "gpg --expert --gen-key", select "(7) RSA (set your
own capabilities)", and to set "Sign, encrypt, certify".

        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20061002/27817d8e/signature.pgp

More information about the Gnupg-users mailing list