Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

s7r s7r at
Tue Aug 29 02:11:29 CEST 2017

Robert J. Hansen wrote:

>>>> 2. Is it possible to have just one key (the primary one, no subkey) with
>>>> E flag also (S,C,E) -- I know this is not recommended but this is a
>>>> particular use case and the risks are acknowledged. I guess gnupg will
>>>> not allow you to do this by default, but is there any magic that can be
>>>> done?
>>> Yes.
>> How? I tried in expert mode but didn't manage.
> --expert --full-generate-key
> Options 8 or 11 should work for you.  Haven't verified it.

Tried both of them, not working. They only produce a single primary key
(8 RSA or 11 ECC) with S,C capabilities (without E).

I have even generated it normally (primary key with capabilities S,C +
subkey with E capability) and tried to edit the key after that, by
deleting the subkey and trying to toggle the capabilities of the primary
key but E is not a valid option to select as capability for the primary key.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170829/33708ab7/attachment-0001.sig>

More information about the Gnupg-users mailing list