When you --gen-key in GPG, you can choose which actions of Sign, Certify, Encrypt, and Authenticate the key will be usable for.
Can these be later modified (i.e. obviously a new key can be created if the current one has C, and the old one revoked, but that's not the question) to remove or add actions?
Best Answer
Keys' allowed usages can be modified, but the gpg tool doesn't support it (even in version 2). To change a key's usage, you need to modify gpg. The basic idea is detailed in a thread on the gnupg-users mailing list: usage information is carried by the self-signature, so you need to change the usage parser to force the value you're interested in, then create a new self-signature on your key, for example by changing your key's expiry date.
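To see where the usage information sits in the self-signature, the following added example (not part of the original answer and not GnuPG's code) reads the key flags subpacket (type 27, RFC 4880 section 5.2.3.21) from the hashed area of a version 4 signature packet body. The function names and the sample bytes are constructed for illustration.

```python
# Added example: read the key-usage flags from an OpenPGP v4 signature body.
# SAMPLE_SIG is constructed for illustration, not taken from a real key.

# Flag bits in the first key-flags octet; 0x04 and 0x08 are both encryption.
USAGE_BITS = [(0x01, "C"), (0x02, "S"), (0x0C, "E"), (0x20, "A")]

def iter_subpackets(area):
    """Yield (type, data) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 1 >= len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        # Low 7 bits are the type; the high bit only marks it critical.
        yield area[i] & 0x7F, area[i + 1:i + length]
        i += length

def key_usage(sig_body):
    """Return usage letters (e.g. 'CS') from the hashed area, or None."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a version 4 signature packet body")
    hashed_len = int.from_bytes(sig_body[4:6], "big")
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    for sp_type, data in iter_subpackets(hashed):
        if sp_type == 27 and data:           # key flags subpacket
            return "".join(l for bit, l in USAGE_BITS if data[0] & bit)
    return None

SAMPLE_SIG = bytes.fromhex(
    "04130108"        # v4, positive certification, RSA, SHA-256
    "000f"            # hashed area length: 15 octets
    "05025f000000"    # subpacket 2: signature creation time
    "021b03"          # subpacket 27: key flags 0x03 = certify + sign
    "050900015180"    # subpacket 9: key expiration time
    "0000" "0000"     # empty unhashed area, hash prefix (MPIs omitted)
)

if __name__ == "__main__":
    print(key_usage(SAMPLE_SIG))
```

The hashed subpacket area is covered by the signature itself, so the flags cannot be edited in place; a different flag value only takes effect through a newly issued self-signature.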