On Wed, 2 Sep 2009 10:55, jerome.bl...@nerim.net said: > anyone that could explain me how gpg chooses which secret key to use or > how I could tell gpg which one to use ?
Without an option, gpg uses the first available secret key for signing. This is usually not desired, thus you can use "default-key" in gpg.conf to select a different one. If you want to use another than the default key, you may give it on the command line with "-u USERID". You may even give several "-u" options to sign the data with several keys. An OpenPGP keys consists of a primary key and optionally several subkeys. Gpg uses the latest subkey capable of signing to create a signature, if no such subkey is available, the primary key is used. This happens even if you speicify the keyid of a subkey. If you want to force the use of a specific signing subkey, you need use the ! suffix to the keyid. Example: pub 1024D/5B0358A2 created: 1999-03-15 expires: 2011-07-11 usage: SC sub 2048R/B604F148 created: 2004-03-21 expired: 2005-12-31 usage: E sub 2048R/C3680A6E created: 2006-01-01 expired: 2007-12-31 usage: E sub 1024D/3D52C282 created: 2007-12-31 expires: 2010-07-11 usage: S sub 2048R/F409CD54 created: 2007-12-31 expires: 2011-07-10 usage: E sub 2048R/12345678 created: 2009-06-30 expires: 2010-07-10 usage: S Using: -u 0x5B0358A2 ==> Subkey 0x12345678 is used. -u 0x12345678 ==> Subkey 0x12345678 is used. -u 0x3D52C282 ==> Subkey 0x12345678 is used. -u 0x3D52C282! ==> Subkey 0x3D52C282 is used. Due to the key expiration, this will chnage in one year to: -u 0x5B0358A2 ==> Primary key 0x5B0358A2 is used. -u 0x12345678 ==> Primary key 0x5B0358A2 is used. -u 0x3D52C282 ==> Primary key 0x5B0358A2 is used. -u 0x3D52C282! ==> Primary key 0x5B0358A2 is used. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users