defer use of new signing subkeys
Open, NormalPublic


when i add a new subkey to my OpenPGP certificate, it isn't immediately accepted in every validating service (that is, everywhere that my key is known and authorized to do stuff e.g. mailing lists that require signed mails to post, upload queues that require signed files).

however, when gpg makes signatures, it chooses the most recent signing-capable key.

This leaves me in a situation where i have to go and manually fiddle with which subkey to sign with, based on whether or not the validating service has updated my certificate yet.

It'd be nice to be able to mark a signing-capable secret subkey as "deferred" so that it doesn't get used by default. then, when the validating services have accepted the new subkey, i can removed the "deferred" marking and carry on.


dkg created this task.Sep 26 2017, 10:15 PM
werner triaged this task as Normal priority.Sep 27 2017, 10:06 AM
gniibe added a subscriber: gniibe.Sep 28 2017, 12:48 AM

For workaround (master branch with rG0a7661129499), moving the private key file to *.key.bak can do that.