Making a subkey a standalone Master key

Peter Lebbing peter at
Tue Apr 21 18:30:19 CEST 2020

Another idea would be to deliberately destroy the encrypted primary key
material you upload to ProtonMail. I'd suggest setting the capabilities
of the primary key to just Certify, not Sign. It could very well be that
ProtonMail never tries to decrypt the encrypted primary private key
then, because it is never asked to do a certification. And since you can
only tell that the encrypted material has been destroyed once you
actually try to decrypt it, it would never notice and chug on happily
oblivious it has been lied to.

Oh, to answer the original question, you're looking for

$ gpg --expert --full-gen-key

and then option (13) Existing key.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list