GPG default use of oldest secret key

Werner Koch wk at
Sun Feb 29 19:24:18 CET 2004

On Sun, 29 Feb 2004 01:37:11 -0500, VaX#n8  said:

> 1) Wouldn't using the most recent be a better default?

I don't know.

> 2) Should I be using --default-key NAME or -u NAME?  The latter is
> shorter.

It is higly suggested to use default-key because this is the only way
to make sure that a specific key is used for signing.  The default is
pretty much fragile but we use it because it is what most people would
expect - those who are only using one key.

> 3) Is there a way of specifying these options?  I end up using a script
>    wrapper for various reasons, one of which is the annoyance of having
>    to specify these options (the other is that I have several similarly-named
>    keys and specifying mine is either a lot of typing or memorizing
> a key ID)

Add "default-key FINGERPRINT"

to you ~/.gnupg/gpg.conf

> 4) Is there a better way to do what I want, such as creating a new secret
>    ring in a different order?

Using -u overrides the "--default-key".


More information about the Gnupg-devel mailing list