I propose adding a way to generate a keypair where the private key is generated directly from a passphrase. It should generate and save a public key in the pubring file in the usual way. Saving a secret key in the secring should be optional. The idea is to be able to decrypt without needing a secring file. This is very useful, as evidenced by the fact that people still use the -c option (conventional symmetric encryption) even though you need the passphrase for both decryption and encryption. It would be good to not need the passphrase for encryption. An example application would be an automatic backup script. You would generate encrypted backup files without needing any secret keys. Then if your computer crashes or melts, you can buy a new computer, install a new OS on it, install GPG on it with no key files, and still be able to recover your backups. Anyone who's used GPG/PGP for a long time knows that this kind of thing happens more often than it should. I think the reason PGP didn't have this feature in the beginning is that RSA key generation (the only public-key algorithm then supported by PGP) on those old computers was very slow. But these days, generating an El-Gamal key from a passphrase is very straightforward (just use a hash function) and even generating an RSA key is reasonably fast (because computers are faster now). So I think this would be a worthwhile addition. I'm willing to come up with a patch if the maintainers would like to integrate it.