GPG Keychain: how is a primary missing sec key denoted in GPG Keychain?
I've delegated all actions to subkeys and removed the secret portion of the primary key. Basically I created 3 subkeys for signing, encrypting, and authenticating.
When using the command line (gpg -K
) such a removed secret primary key is denoted by a sec#
.
How is this shown in GPGTools?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by K. C. Tessarek on 24 Oct, 2018 12:10 AM
I meant of course GPG Keychain, not GPGTools. (Unfortunately I can neither change the title, nor edit the text. I cannot even delete my own topic.)
2 Posted by Helmut K. C. Te... on 05 Nov, 2018 01:36 AM
Any comment?
3 Posted by Helmut K. C. Te... on 05 Feb, 2019 02:12 PM
Hello? Any update or feedback?
4 Posted by Mento on 11 Feb, 2019 07:28 AM
Hi Helmut,
GPG Keychain shows a '#' in Details -> Card.
This is a very advanced feature, so it has no beautiful user interface.
Does this answer your question?
Regards, Mento
5 Posted by Helmut K. C. Te... on 12 Feb, 2019 01:24 PM
Thanks Mento for the info. Yes, this answers my question. Thank you.
A beautiful UI is not really necessary as long as the functionality is available. I have noticed though that the app is less and less usable for people who are experts at gpg. You made decisions as developers what is actually done (e.g. signing the main key does not sign all subkeys, or something similar - I can't recall all the weird behaviour I have experienced) by the UI which makes no sense for an expert and is detrimental to the command line. It's a pitty, because it's a great app, but I don't dare to use it anymore to edit keys, because it doesn't do what I expect it to do.
Anyway, it's still good enough for me to browse through the keys in my key ring.
Cheers,
K. C.
Support Staff 6 Posted by Steve on 12 Feb, 2019 01:32 PM
Thanks for taking the time to share your feelings about GPG Keychain and the new dialog to sign keys.
To sign all user IDs in a key you need to make sure you tick all email addresses in the key signing dialog and you should be good.
This has been changed because non expert users would otherwise always sign the entire key without having verified all user IDs. So this prevents more damage than it does, or that was our hope when we changed the key signing dialog.
7 Posted by Helmut K. C. Te... on 12 Feb, 2019 01:41 PM
Thanks again for the info. I understand that you want to make the app easy to use for non-experts, but in that case there should be 2 settings (beginner, expert).
In any case, this was only one example and I could tell you about algo prefs only available when using the experts defaults key (even though algo prefs is not truly an expert setting), but I don't want to use this ticket to discuss these matters.
Steve closed this discussion on 12 Feb, 2019 01:42 PM.
Steve re-opened this discussion on 12 Feb, 2019 02:26 PM
Support Staff 8 Posted by Steve on 12 Feb, 2019 02:26 PM
I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 12 Feb, 2019 02:26 PM.