6Kas
GPG: What is the "R" usage flag on a subkey?
Trying to setup a separate subkey on my GPG key for signing (instead of using the primary key itself), I had the surprise that gnupg automatically added an additional "R" usage flag on the new subkey:
~: gpg --expert --edit-key AAAAAAAAAAAAA
sec rsa4096/AAAAAAAAAAAAA
created: 2017-01-01 expires: 2025-01-01 usage: SC
trust: ultimate validity: ultimate
ssb rsa4096/BBBBBBBBBBBBB
created: 2017-01-01 expires: 2025-01-01 usage: E
[ultimate] (1). <SNIP>
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
(14) Existing key from card
Your selection? 8
Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? e
Possible actions for this RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
<SNIP>
sec rsa4096/AAAAAAAAAAAAA
created: 2017-01-01 expires: 2025-01-01 usage: SC
trust: ultimate validity: ultimate
ssb rsa4096/BBBBBBBBBBBBB
created: 2017-01-01 expires: 2025-01-01 usage: E
ssb rsa4096/CCCCCCCCCCCCC
created: 2024-11-06 expires: 2026-01-01 usage: SR
[ultimate] (1). <SNIP>
(<SNIP> is output I removed for conciseness)
I've looked at both the man page and the texinfo of gnupg, but I wasn't able to find what this R flag means. change-usage doesn't show the additional usage either.
Our friendly search engines aren't helpful on this one too (they don't work well on single-letter keywords).
So what is this flag? How can I create a subkey without it?
