with-colons listing, issue with distinguishing between encrypting and signing keys.

David Shaw dshaw@jabberwocky.com
Wed Nov 27 22:18:02 2002


On Wed, Nov 27, 2002 at 01:36:15AM -0500, Psy-Kosh wrote:
> > I don't think it is a case of gpg not knowing the difference or the
> > key being corrupted or such, since I test it by trying to get it to
> > encrypt to the one that's suppused to be the signing key and vice
> > versa, and it always instead encrypts to the encrypting key and signs
> > with the signing key instead. I commented out the default key and so
> > on options in my .conf file during the tests to make sure that wasn't
> > it, and it still gets it right. So, gpg "knows" which key is which
> > kind, just doesn't seem to display it properly. Is this a bug, or
> > could I merely be misreading the listing?
> >
> 
> I take that back, rechecked that, it's using only one of the subkeys for
> both encrypting and signing, refusing to use the one that is meant to be a
> signing key. This seems to be a recent problem. How would this happen, and
> is it possible to fix it?

This is correct behavior.  If you have multiple subkeys capable of
doing the requested action, GnuPG will pick the most recent capable
subkey.  You can override this choice by specifying the subkey with an
exclamation point (!) after the keyid.  This makes GnuPG use that
specified subkey and not try any others.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson