I don't really know why I looked so deeply into this. Reported in the gpg4win forum.
    gpg --batch --quick-add-key 39E2393F66AA2B670A32FE075A0B77BEE488BD7D nistp256 sign
    gpg: Key generation failed: Wrong key usage
In batch mode quick add key calls:
parse_algo_usage_expire
This function contains a comment that explains the problem: the usage is checked again in case a separate usage value has been given. But depending on the usage, parse_key_parameter_string will already have changed the algo, since the ecdh_or_ecdsa handling is in there.
So parse_key_parameter_string returns use as encrypt. But then:
    /* Parse the usage string. */
    if (!usagestr || !*usagestr
        || !ascii_strcasecmp (usagestr, "default") || !strcmp (usagestr, "-"))
      ; /* Keep usage from parse_key_parameter_string. */
    else if ((wantuse = parse_usagestr (usagestr)) != -1)
      use = wantuse;

Changes it to sign again and:
    /* Check that usage is possible. NB: We have the same check in
     * parse_key_parameter_string but need it here again in case the
     * separate usage value has been given. */
    if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
             && !pubkey_get_nsig (algo))
        || ((use & PUBKEY_USAGE_ENC)
            && !pubkey_get_nenc (algo))
        || (for_subkey && (use & PUBKEY_USAGE_CERT)))
      {
        if (r_keygrip)
          {
            xfree (*r_keygrip);
            *r_keygrip = NULL;
          }
        return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
      }

Fails because the algo is ECDH and not ECDSA, but the use is sign.
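The flow described above, reduced to a stand-alone model (an added example, not GnuPG code): every `model_*` function and the `ALGO_*`/`USE_*` constants are simplified stand-ins, only the curve name `nistp256` and the usage tokens `sign` and `encr` are modelled, and the `fix_algo` branch is one assumed remedy, not the project's fix.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the GnuPG constants named above. */
enum { ALGO_ECDH = 18, ALGO_ECDSA = 19 };   /* OpenPGP algorithm ids */
enum { USE_SIG = 1, USE_ENC = 2, ERR_WRONG_KEY_USAGE = -1 };

static int model_nsig (int algo) { return algo == ALGO_ECDSA ? 2 : 0; }
static int model_nenc (int algo) { return algo == ALGO_ECDH ? 2 : 0; }

/* Model of the ecdh_or_ecdsa step: a bare curve name carries no usage,
 * so a subkey defaults to encryption and the curve becomes ECDH. */
static void model_parse_algo (const char *algostr, int *algo, int *use)
{
  (void)algostr;             /* only "nistp256" is modelled */
  *use = USE_ENC;
  *algo = ALGO_ECDH;
}

static int model_parse_usage (const char *s)
{
  if (!strcmp (s, "sign")) return USE_SIG;
  if (!strcmp (s, "encr")) return USE_ENC;
  return -1;
}

/* fix_algo = 0 reproduces the reported flow; fix_algo = 1 re-selects
 * ECDH/ECDSA after the separate usage string has overridden USE. */
static int model_quick_add (const char *algostr, const char *usagestr,
                            int fix_algo)
{
  int algo, use, wantuse;

  model_parse_algo (algostr, &algo, &use);
  if (usagestr && *usagestr && (wantuse = model_parse_usage (usagestr)) != -1)
    use = wantuse;
  if (fix_algo && (algo == ALGO_ECDH || algo == ALGO_ECDSA))
    algo = (use & USE_ENC) ? ALGO_ECDH : ALGO_ECDSA;
  if (((use & USE_SIG) && !model_nsig (algo))
      || ((use & USE_ENC) && !model_nenc (algo)))
    return ERR_WRONG_KEY_USAGE;
  return algo;
}

int main (void)
{
  printf ("reported flow: %d\n", model_quick_add ("nistp256", "sign", 0));
  printf ("re-selected:   %d\n", model_quick_add ("nistp256", "sign", 1));
  return 0;
}
```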