OpenPGP: Unable to specify sign and encrypt keys separately
version 3.50.0 from Debian repos
Say the user has a key set up as below and we want to both encrypt and sign a message.
Primary key [SC]
Sub-key for encryption [E]
Sub-key for emails [S]
Sub-key for git/ssh [SA]
If we just provide the Primary key ID or user's email address in the OpenPGP Key ID field, messages would get signed with the Sub-key for git/ssh. GPG uses the last key in the set to sign/encrypt.
Now the solution would be to explicitly state in OpenPGP Key ID the key ID of Sub-key for emails, followed by a !. This would select Sub-key for emails to sign. However, the same key ID that we selected for signing is now selected for encryption as well. And it fails. Sub-key for emails only has sign [S] capability and not encrypt [E] capability.
If necessary, we should be able to specify sign and encrypt OpenPGP Key IDs separately. For both, the default behaviour can be to just use the sender address.
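
The selection behaviour described in this report, modelled as an added example (not code from the report or from the mail client). The key IDs and the colon-format listing are constructed, and the default rule "newest capable subkey wins" is an assumption that matches the "last key in the set" in this sample keyring.

```python
# Constructed sample in `gpg --list-keys --with-colons` format; key IDs are made up.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAA1:1700000000:::u:::scESCA:
uid:u::::1700000000::0000::Example User <user@example.org>:
sub:u:255:18:BBBBBBBBBBBBBBB2:1700000100::::::e:
sub:u:255:22:CCCCCCCCCCCCCCC3:1700000200::::::s:
sub:u:255:22:DDDDDDDDDDDDDDD4:1700000300::::::sa:
"""


def parse_keys(listing):
    """Extract primary key and subkeys with their own (lowercase) capabilities."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            # Field 12 holds capabilities; uppercase letters on the pub line
            # summarise the whole key, so only lowercase ones are kept.
            caps = {c for c in f[11] if c.islower()}
            keys.append({"type": f[0], "keyid": f[4],
                         "created": int(f[5]), "caps": caps})
    return keys


def select_key(keys, spec, cap):
    """Pick the key ID used for capability cap ('s' sign, 'e' encrypt)."""
    if spec.endswith("!"):
        # A trailing "!" forces exactly this key, with no capability fallback.
        forced = next((k for k in keys if k["keyid"].endswith(spec[:-1].upper())), None)
        if forced is None:
            raise KeyError(spec)
        if cap not in forced["caps"]:
            raise ValueError(f"{forced['keyid']} lacks capability '{cap}'")
        return forced["keyid"]
    # Assumption: a spec without "!" (key ID or address) only names this keyring;
    # the newest capable subkey wins, else the primary key.
    subs = [k for k in keys if k["type"] == "sub" and cap in k["caps"]]
    pool = subs or [k for k in keys if k["type"] == "pub" and cap in k["caps"]]
    if not pool:
        raise ValueError(f"no key with capability '{cap}'")
    return max(pool, key=lambda k: k["created"])["keyid"]


def resolve(keys, sign_spec, encrypt_spec):
    """Resolve signing and encryption keys from two independent settings."""
    return select_key(keys, sign_spec, "s"), select_key(keys, encrypt_spec, "e")


if __name__ == "__main__":
    print(resolve(parse_keys(SAMPLE), "CCCCCCCCCCCCCCC3!", "user@example.org"))
```

With a single shared setting, `CCCCCCCCCCCCCCC3!` resolves for signing but raises for encryption; with two settings, signing uses the emails subkey and encryption falls back to the [E] subkey.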