Different signing & encryption keys

Peter Lebbing peter at digitalbrains.com
Wed Aug 13 12:01:45 CEST 2014

On 13/08/14 10:56, Philip Jackson wrote:
> I don't recall having been prompted by gpg to specify a sub-key so I could say
> that gpg produced a single key 'by default'.

You say you generated it with the --batch command, and go on to say you
weren't prompted. Since --batch, unattended key generation, is for
non-interactive use, you will not be prompted because you are expected
not to interact.

If I look at the docs for unattended key generation, it seems that
indeed not specifying a Key-Usage: implies all usages are enabled.

Unattended key generation is not normally a user-facing interface. Many
people will probably not even know it's there. I don't think it helps to
call it what GnuPG works like by default.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list