GPG Keychain: how is a primary missing sec key denoted in GPG Keychain?

K. C. Tessarek's Avatar

K. C. Tessarek

24 Oct, 2018 12:08 AM

I've delegated all actions to subkeys and removed the secret portion of the primary key. Basically I created 3 subkeys for signing, encrypting, and authenticating.
When using the command line (gpg -K) such a removed secret primary key is denoted by a sec#.

How is this shown in GPGTools?

  1. 1 Posted by K. C. Tessarek on 24 Oct, 2018 12:10 AM

    K. C. Tessarek's Avatar

    I meant of course GPG Keychain, not GPGTools. (Unfortunately I can neither change the title, nor edit the text. I cannot even delete my own topic.)

  2. 2 Posted by Helmut K. C. Te... on 05 Nov, 2018 01:36 AM

    Helmut K. C. Tessarek's Avatar

    Any comment?

  3. 3 Posted by Helmut K. C. Te... on 05 Feb, 2019 02:12 PM

    Helmut K. C. Tessarek's Avatar

    Hello? Any update or feedback?

  4. Support Staff 4 Posted by Mento on 11 Feb, 2019 07:28 AM

    Mento's Avatar

    Hi Helmut,

    GPG Keychain shows a '#' in Details -> Card.
    This is a very advanced feature, so it has no beautiful user interface.
    Does this answer your question?

    Regards, Mento

  5. 5 Posted by Helmut K. C. Te... on 12 Feb, 2019 01:24 PM

    Helmut K. C. Tessarek's Avatar

    Thanks Mento for the info. Yes, this answers my question. Thank you.

    A beautiful UI is not really necessary as long as the functionality is available. I have noticed though that the app is less and less usable for people who are experts at gpg. You made decisions as developers what is actually done (e.g. signing the main key does not sign all subkeys, or something similar - I can't recall all the weird behaviour I have experienced) by the UI which makes no sense for an expert and is detrimental to the command line. It's a pitty, because it's a great app, but I don't dare to use it anymore to edit keys, because it doesn't do what I expect it to do.

    Anyway, it's still good enough for me to browse through the keys in my key ring.

    K. C.

  6. Support Staff 6 Posted by Steve on 12 Feb, 2019 01:32 PM

    Steve's Avatar

    Thanks for taking the time to share your feelings about GPG Keychain and the new dialog to sign keys.

    To sign all user IDs in a key you need to make sure you tick all email addresses in the key signing dialog and you should be good.

    This has been changed because non expert users would otherwise always sign the entire key without having verified all user IDs. So this prevents more damage than it does, or that was our hope when we changed the key signing dialog.

  7. 7 Posted by Helmut K. C. Te... on 12 Feb, 2019 01:41 PM

    Helmut K. C. Tessarek's Avatar

    Thanks again for the info. I understand that you want to make the app easy to use for non-experts, but in that case there should be 2 settings (beginner, expert).

    In any case, this was only one example and I could tell you about algo prefs only available when using the experts defaults key (even though algo prefs is not truly an expert setting), but I don't want to use this ticket to discuss these matters.

  8. Steve closed this discussion on 12 Feb, 2019 01:42 PM.

  9. Steve re-opened this discussion on 12 Feb, 2019 02:26 PM

  10. Support Staff 8 Posted by Steve on 12 Feb, 2019 02:26 PM

    Steve's Avatar

    I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.


  11. Steve closed this discussion on 12 Feb, 2019 02:26 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac