Is it possible to remove capabilities from an existing key?

Philip Jägenstedt philip at
Wed Sep 11 23:42:30 CEST 2013

My public key has the default capabilities sign and certify. I've seen
that some people have only the certify capability in order to be able to
keep the main key offline most of the time.

Is it technically possible to change the capabilities of an existing
key, even if there's no way to do it via --edit-key?

If it's not possible, what would be the consequence of adding a subkey
with the sign capability, which key would be used when both are

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20130911/1f40e543/attachment.sig>

More information about the Gnupg-users mailing list