Questions about particular use cases (integrity verification w/o private key, add E flag to primary key, import secp256k1 key)

Robert J. Hansen rjh at sixdemonbag.org
Tue Aug 29 02:42:26 CEST 2017


> It works with an RSA key, but not with ECC. Try with secp256k1 and you'll
> only get Sign and Certify capabilities. At least this is what happens on
> my side.

I apologize for sounding like I'm condescending here: it's not my
intent.  However, there are very important things you are apparently not
quite understanding, so I'm going to be excruciatingly clear.

A primary key must have the Certify capability -- it's used to certify
the subkeys, after all.

This means algorithms which can only encrypt cannot serve as a primary key.

ECC algorithms come in two varieties: ones that can sign (EdDSA, ECDSA)
and ones that can encrypt (the rest).

So if you insist on using ECC, you must use EdDSA or ECDSA as the
primary key.

Which means your primary key cannot encrypt.

RSA does not have this limitation.  RSA can be used for signing and
encrypting.

This is why my example used RSA.

Use RSA.
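
The capability rule described in this message can be checked against a keyring listing. The following is an added example, not part of the original post: it reads the `gpg --list-keys --with-colons` layout (field 4 is the algorithm ID, field 12 the capability flags) and reports, for each primary key, whether it certifies, whether its algorithm could encrypt at all, and which subkey carries encryption instead. The sample listing and key IDs are constructed, and the function name `audit` is hypothetical.

```python
# Added example. OpenPGP public-key algorithm IDs and the operations each
# algorithm can perform: c = certify, s = sign, e = encrypt.
ALGO_CAPS = {
    1: ("RSA", {"c", "s", "e"}),
    18: ("ECDH", {"e"}),
    19: ("ECDSA", {"c", "s"}),
    22: ("EdDSA", {"c", "s"}),
}

# Constructed sample in the `gpg --list-keys --with-colons` layout
# (field 4 = algorithm ID, field 12 = capabilities). Key IDs are made up.
SAMPLE = """\
pub:u:256:19:1111111111111111:1503964800:::u:::scESC:::::secp256k1:::0:
sub:u:256:18:2222222222222222:1503964800::::::e:::::secp256k1::
pub:u:3072:1:3333333333333333:1503964800:::u:::escESC::::::23::0:
"""


def audit(listing):
    """Return one report per primary key found in a colon listing."""
    reports = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # skip uid, fpr and other record types
        algo = int(f[3])
        name, possible = ALGO_CAPS.get(algo, ("algo %d" % algo, set()))
        # Lowercase letters are this key's own flags; uppercase letters on a
        # pub record summarise the whole key, subkeys included.
        own = {ch for ch in f[11] if ch.islower()}
        if f[0] == "pub":
            reports.append({
                "keyid": f[4],
                "algo": name,
                "certifies": "c" in own,
                "primary_encrypts": "e" in own,
                "primary_could_encrypt": "e" in possible,
                "encrypt_subkeys": [],
            })
        elif reports and "e" in own:
            reports[-1]["encrypt_subkeys"].append((f[4], name))
    return reports


if __name__ == "__main__":
    for report in audit(SAMPLE):
        print(report)
```

On the constructed input, the ECDSA primary reports that it cannot carry the E flag and that encryption lives on its ECDH subkey, while the RSA primary holds certify, sign and encrypt itself.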


