diff --git a/cmd/commands.go b/cmd/commands.go
index d99303d..e0c62f2 100644
--- a/cmd/commands.go
+++ b/cmd/commands.go
@@ -37,6 +37,7 @@ var All = []*cli.Command{
 noArmorFlag,
 selectedProfileFlag,
 keyPasswordFlag,
+ signingOnlyFlag,
 },
 Action: func(c *cli.Context) error {
 return GenerateKey(c.Args().Slice()...)
diff --git a/cmd/flags.go b/cmd/flags.go
index 1e445a1..51b7d7e 100644
--- a/cmd/flags.go
+++ b/cmd/flags.go
@@ -24,6 +24,7 @@ var (
 verifyWith cli.StringSlice
 selectedProfile string
 keyPassword string
+ signingOnly bool
 )
 // All possible flags for commands
@@ -137,4 +138,9 @@ var (
 Usage: "--with-key-password=PASSWORD",
 Destination: &keyPassword,
 }
+ signingOnlyFlag = &cli.BoolFlag{
+ Name: "signing-only",
+ Value: false,
+ Destination: &signingOnly,
+ }
 )
diff --git a/cmd/generate_key.go b/cmd/generate_key.go
index 34d824b..ac3890e 100644
--- a/cmd/generate_key.go
+++ b/cmd/generate_key.go
@@ -7,6 +7,8 @@ import (
 "github.com/ProtonMail/gosop/utils"
 "github.com/ProtonMail/gopenpgp/v3/crypto"
+
+ "github.com/ProtonMail/go-crypto/openpgp/v2"
 )
 // GenerateKey creates a single default OpenPGP certificate with zero or more
@@ -35,6 +37,11 @@ func GenerateKey(userIDs ...string) error {
 }
 defer key.ClearPrivateParams()
+ if signingOnly {
+ // Remove the encryption subkey
+ key.GetEntity().Subkeys = []v2.Subkey{}
+ }
+
 // Lock key if required
 if keyPassword != "" {
 pw, err := utils.ReadFileOrEnv(keyPassword)
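Review bot: `signingOnlyFlag` is defined without a `Usage` string, while the flag directly above it carries `Usage: "--with-key-password=PASSWORD"`, so the help output will list `--signing-only` with no explanation. Add a line such as `Usage: "generate a key without an encryption subkey",` so operators know the resulting certificate cannot receive encrypted data. `Value: false` is the zero value of a bool flag and can be dropped. The `var (` block opens outside this hunk.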
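Review bot: The new import has no alias, yet the code later refers to it as `v2.Subkey`, so the qualifier is just the package's declared name and tells a reader nothing about which library it is. An explicit alias such as `openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"` (with `openpgp.Subkey` at the use site) would make the origin of the type obvious in a file that handles key material.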
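Review bot: In the `if signingOnly` block, `key.GetEntity().Subkeys = []v2.Subkey{}` drops every subkey, whereas the comment speaks only of the encryption subkey; if a profile ever generates further subkeys they would be removed silently as well. The detached subkey still holds freshly generated secret key material, and because it is no longer reachable from `key`, the deferred `key.ClearPrivateParams()` presumably cannot wipe it. That is worth confirming against the library; if so, wipe the subkey before detaching it, or skip generating it if the generation API allows that. At minimum the comment should match the code, e.g. `// Drop all subkeys so the certificate carries no encryption subkey`, and `= nil` is the more idiomatic way to empty the slice. GenerateKey begins and continues outside this hunk, so how the key is generated and serialized is not visible here.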