Trying to add my code signing key via hkp fails with 400 bad request, and uploading via the web form reveals:
Error! Invalid PGP key. No valid encryption key found: Could not find valid encryption key packet in key 31855247603831fd
I think this is rather unfortunate, as having a separate OpenPGP certificate for code signing is a way to separate concerns, i.e. no signature over a git object can ever be mistaken for a signature made by my main certificate.
Other useful OpenPGP certificates without encryption subkeys are certificate revocations (note that the same composition is useful for v4 certificate revocations: the bare signature lacks context, pairing it with the primary key provides that context).
Trying to add my code signing key via hkp fails with 400 bad request, and uploading via the web form reveals:
I think this is rather unfortunate, as having a separate OpenPGP certificate for code signing is a way to separate concerns, i.e. no signature over a git object can ever be mistaken for a signature made by my main certificate.
Other useful OpenPGP certificates without encryption subkeys are certificate revocations (note that the same composition is useful for v4 certificate revocations: the bare signature lacks context, pairing it with the primary key provides that context).