v4 rsa subkey peculiarity

David Shaw dshaw at jabberwocky.com
Wed Feb 11 11:13:19 CET 2004

On Wed, Feb 11, 2004 at 07:13:02AM -0800, vedaal at hush.com wrote:
> when trying to sign with my v4 rsa key, gnupg intentionally uses the
> encryption subkey instead of the primary


> upon further examination of this particular v4rsa key,
> it turns out that both the subkey and the master key are 'encrypt and
> sign', whereas other v4rsa key subkeys are 'encrypt only'
> is there something about this that would affect how gnupg recognizes
> the key?

You said it yourself.  You have an encrypt and sign primary, and an
encrypt and sign subkey.  GnuPG will always try and use a subkey
rather than the primary, so since there is a subkey that can sign,
it's using it.

If you don't want this to happen, put a ! after the keyid.  You can
put this in the gpg.conf file if you like:
  default-key xxxxx!
  local-user xxxxx!


More information about the Gnupg-users mailing list