
> Commit signing

You use your encryption key for that? Which PGP implementation does that? I use my signing key.

> SSH key storage

Again, I use my authentication key for that.

> deb package verification

I use the published signing keys. Never had to use any other key type.

> What an uninformed blanket statement.

I'm sorry for my ignorance. Could you at least provide an example that's valid?



Sorry, missed the "PGP encryption key". But still:

- I used to use `pass`, a password manager based on GPG. That needed the encryption key.

- Sharing of confidential data with coworkers at more than one job.

- Future-proofing: Even though I might not be using an encryption key now, creating all three (encryption, signing, authentication) is a common flow when using GnuPG cards, and then I do want to sync all three to the key server for convenience (so that I can use them at a different machine, for example) without broadcasting to the world "hey, email me encrypted stuff to keyid 0xABCD1234!".


None of those use cases should involve a public keyserver if you don't want people to email you encrypted stuff. Keyservers are literally there to "broadcast to the world 'hey, email me encrypted stuff to keyid 0xABCD1234!'."


Well, I use keyservers, and I don't intend to broadcast that fact.

Maybe I'm using them wrong in your view, but I don't see why your view is somehow the canonical one, given all the non-email examples I and other people in this thread have provided.


Because the act of publishing has a well-established meaning. The same reason I can't publish a book and shout at people who read it. "I wrote it for my eyes only, how dare you read it!" is a ridiculous thing to say.



