On 09/11/2013 05:42 PM, Philip Jägenstedt wrote: > My public key has the default capabilities sign and certify. I've seen > that some people have only the certify capability in order to be able to > keep the main key offline most of the time. > > Is it technically possible to change the capabilities of an existing > key, even if there's no way to do it via --edit-key? > > If it's not possible, what would be the consequence of adding a subkey > with the sign capability, which key would be used when both are > available?
i believe GnuPG uses the most-recently-updated subkey that it believes to have signing capability, unless you force the subkey in question via --local-user or --default-key with a ! suffix (see the "By key Id." section in gpg(1)). --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users