best practices for creating keys

Andrew Gallagher andrewg at andrewg.com
Fri Nov 27 12:41:14 CET 2015


On 27/11/15 10:32, Peter Lebbing wrote:
> On 23/11/15 21:31, James wrote:
>> It appears that information I had read previously was erroneous. I was
>> under the impression the capabilities (at least for the primary key)
>> were set in stone, hence my apprehension at avoiding those insatiable
>> knobs and gears I like to tinker with. ;)
> 
> Well, GnuPG doesn't provide an easy means to change them; it could be
> that you would need to edit the source.

There's a post about how to do this in the list archives:

https://lists.gnupg.org/pipermail/gnupg-users/2009-May/036505.html

... but it's really not worth your while. So long as your primary key
doesn't have E usage set*, you can create new A and S subkeys and simply
refrain from using the primary key for those functions. The only problem
you might run into is if one of your correspondents is using broken
client software that doesn't check signatures against multiple subkeys.
I've no idea how likely this is though.

Andrew.

(*) HIGHLY unlikely unless you've done it on purpose, and in that case
you're probably best advised to revoke it and start over.
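
Added example, not part of the original message: one way to check the condition described above (no E usage on the primary key, and usable S and A subkeys present) from GnuPG's colon-delimited listing, where field 12 carries the usage flags. The function name `check_key_usage` and the sample listings are constructed for illustration, and the function assumes the listing of a single key.

```sh
#!/bin/sh
# Audit usage flags from `gpg --with-colons --list-keys KEYID` output on stdin.
# Field 12 holds the capabilities. On the pub line, lowercase letters are the
# primary key own flags; uppercase letters summarise the key as a whole.

check_key_usage() {
    LC_ALL=C awk -F: '
        $1 == "pub" {
            own = $12
            gsub(/[A-Z]/, "", own)          # drop the whole-key summary letters
        }
        $1 == "sub" && $2 !~ /^[rei]/ {      # skip revoked, expired, invalid subkeys
            if (index($12, "s")) sign = 1
            if (index($12, "a")) auth = 1
        }
        END {
            enc = index(own, "e") ? "yes" : "no"
            printf "primary=%s encrypt_on_primary=%s sign_subkey=%s auth_subkey=%s\n",
                   own, enc, (sign ? "yes" : "no"), (auth ? "yes" : "no")
            exit (enc == "yes")             # non-zero when the primary carries E
        }
    '
}

# Constructed sample listings (not real keys).
GOOD_KEY='pub:u:4096:1:AAAAAAAAAAAAAAAA:1448000000:::u:::scESCA:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1448000000::::::e:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1448000000::::::s:
sub:u:2048:1:DDDDDDDDDDDDDDDD:1448000000::::::a:'

# Primary has E set and the only signing subkey is revoked.
BAD_KEY='pub:u:2048:1:EEEEEEEEEEEEEEEE:1448000000:::u:::escESC:
sub:r:2048:1:FFFFFFFFFFFFFFFF:1448000000::::::s:'

printf '%s\n' "$GOOD_KEY" | check_key_usage
printf '%s\n' "$BAD_KEY"  | check_key_usage || echo "primary key has E usage set"
```

Against a real keyring the input would come from `gpg --with-colons --list-keys KEYID | check_key_usage`.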

