key lookup strategies

John Clizbe John at
Tue Nov 30 17:06:13 CET 2010

Ans wrote:
> Hi
>>> I know that it uses the first key to which the pattern applies and that
>>> i could force the correct lookup using -r "<oo at>" but still it
>>> seems somehow strange.
>> As stated in the manual the default is a substring search and thus you
>> get what you asked for.
> Ok, i see that. But the strange thing is not that it does a substring
> search. The strange thing is that, when i do "gpg --encrypt -r oo at bar"
> (and "-r" apparently stands for *recipient*, not "search string") it
> just picks the first match and encrypts the mail with this key.

Actually, the syntax is -r <recipient name>. That name may be a fingerprint, a
long or short Key ID, or a search string. A fuller explanation of the different
ways to specify an ID is in the gpg man page near the bottom. For example,
<oo at bar> specifies an exact match on the email address instead of the default
case-insensitive substring match.

> It doesn't even say: "Warning: there were 6 matches, i'm now picking a
> random (*) key from those six, even though one would fit perfectly..."
> no it just silently takes one, which is quite strange as a user-experience.

It is documented behavior that with multiple matching keys for signing or
encryption, GnuPG will use the first usable key it finds in the keyring for the
given purpose.

If you wish to use a specific key, it is best to select it by the hexadecimal
key ID or fingerprint.

> (*) well not random, but since i cannot influence the ordering on my
> keyring there's not much difference.

Well, you can, but it's rather a bother. At present, keys are stored in the
order in which they are imported. A key ring is just a serial collection of key

This behavior is subject to change in future versions.

John P. Clizbe                      Inet:John (a)
FSF Assoc #995 / FSFE Fellow #1797  hkp://  or
     mailto:pgp-public-keys at

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 499 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101130/17ea6286/attachment.pgp>

More information about the Gnupg-devel mailing list