What should '--local-user' mean when multiple secret keys match?

Peter Lebbing peter at digitalbrains.com
Tue Jan 29 20:39:14 CET 2019


On 29/01/2019 14:03, Uri Blumenthal wrote:
> See inline please.
> I would still want very much to be able to change Usage flags on the
> primary. Regardless of whether the other good suggestions are
> implemented.

I think that functionality is already implemented, though not
documented AFAIK. This is Debian stable:

--8<---------------cut here---------------start------------->8---
$ gpg --edit-key [...]
gpg (GnuPG) 2.1.18; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/[...]
     created: 2017-06-21  expires: 2019-06-21  usage: SC
     trust: never         validity: unknown
ssb  rsa2048/[...]
     created: 2017-06-21  expires: 2019-06-21  usage: E
[ unknown] (1). [...]

gpg> change-usage
Changing usage of the primary key.

Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? 
--8<---------------cut here---------------end--------------->8---

By the way, the way I understood dkg's

>  * allow locally disabling subkeys independently from primary keys, or
>    even disabling key usage flags on the primary key.

was as not /changing/ usage flags (as already implemented), which is an
externally visible action that changes how other people use your pub
key, but rather a /local/ configuration that disables local access to
functionality. I.e., it will not be considered to have a certain usage
by GnuPG even though the public key that is shared with others does
actually have that flag.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
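
Added example, not part of the original message and not GnuPG code: the distinction drawn above between the usage flags published on a key and a local-only restriction, sketched over a constructed `gpg --with-colons` style listing. The key IDs, the sample records and the `local_usage` mask are assumptions made for illustration; GnuPG offers no such local mask in the output shown in the message.

```python
# Constructed sample (not captured from the thread): one primary key with
# usage SC and one subkey with usage E, mirroring the --edit-key listing.
# Field 12 of a colon-format key record holds the capability letters.
SAMPLE_LISTING = """\
sec:-:2048:1:AAAAAAAAAAAAAAAA:1498003200:1561075200::-:::scESC:::+:::23::0:
ssb:-:2048:1:BBBBBBBBBBBBBBBB:1498003200:1561075200:::::e:::+:::23:
"""

CAPS = {"s": "sign", "c": "certify", "e": "encrypt", "a": "authenticate"}


def published_usage(listing):
    """Map key ID -> usage flags carried by that key's own record."""
    usage = {}
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sec", "sub", "ssb") or len(fields) < 12:
            continue
        # Lowercase letters are this key's own flags. Uppercase letters on a
        # primary key record summarise the whole key and are skipped here.
        usage[fields[4]] = {CAPS[ch] for ch in fields[11] if ch in CAPS}
    return usage


def local_usage(published, local_disabled):
    """Apply a hypothetical local-only mask without touching published flags."""
    return {
        key_id: flags - local_disabled.get(key_id, set())
        for key_id, flags in published.items()
    }


if __name__ == "__main__":
    published = published_usage(SAMPLE_LISTING)
    # Hypothetical local policy: never sign with the primary key on this host.
    effective = local_usage(published, {"AAAAAAAAAAAAAAAA": {"sign"}})
    for key_id in published:
        print(key_id, sorted(published[key_id]), "->", sorted(effective[key_id]))
```
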
