one ecc key-pair for both encryption and signature?

Andrew Gallagher andrewg at
Fri Jan 7 15:21:45 CET 2022

On 07/01/2022 14:06, Bernhard Reiter wrote:
> With 2.2.33 is is not possible to create a single ecc key-pair
> that can do "sign" and "encrypt".

There are circumstances (legal, contractual, operational) where you may 
need to disclose or share an encryption key, so it is best practice to 
keep the encryption-capable subkey distinct. And if you present people 
with the option to do a suboptimal thing, a significant fraction of them 
will choose that option by accident - so usually best not to offer it in 
the first place.

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list