Page MenuHome GnuPG

GnuPG: quick-gen-key should create subkeys depending on usage
Open, WishlistPublic

Description

Currently quick-gen-key is hard to use from another tool if you do not use "default" or "future-default" as an algo. Because then it will only create an SC primary key.

But if usage "encr" (or "auth") is explicitly specified it then also just creates a primary key with SCEA capabilities.

That is bad practice. GnuPG should create E and A subkeys if such usage is explicitly specified. And not create subkeys depending on the selected algo.

Ideally I would think that

--quick-gen-key foo@bar.baz

would create an SC primary key with an E subkey.

--quick-gen-key foo@bar.baz rsa1024

would create an SC primary key with an E subkey.

--quick-gen-key foo@bar.baz rsa1024 "sign cert"

would only create an SC primary key.

--quick-gen-key foo@bar.baz rsa1024 "sign cert encr"

would create an SC primary with an E subkey

--quick-gen-key foo@bar.baz rsa1024 "sign cert auth encr"

would create an SC primary with an A and another E subkey.

That seems more consistent to me then relying on the default algo.

(GPGME added as a project as this is also releveant for createkey)

Details

Version
master