the preference of signing keys question
karlis.repsons at gmail.com
Sat Jun 6 16:52:03 CEST 2009
On Saturday 06 June 2009 13:30:08 David Shaw wrote:
> On Jun 6, 2009, at 5:26 AM, Kārlis Repsons wrote:
> > Hi,
> > still I have questions :)
> > This time: is there some gnupg dictated way of setting preference of
> > which
> > signing/encrypting key to use? For example, I have a long RSA
> > subkey, which I
> > created just in case. I'd like to use DSA now, but my mailer somehow
> > preferred RSA subkey.
> GPG will use the most recent valid subkey for a given purpose (i.e.
> the most recent valid signing key, the most recent valid encryption
> key). If you want to force the use of a particular key, instead of
> specifying your key as XXXXXXX (the key id), specify the exact key or
> subkey you want as XXXXXXXX! (the key id plus an exclamation mark).
This ends up with me willing to assert about the possible combinations:
Three sets from which to combine:
--export-secret-subkeys, --export-secret-keys, --export
used XXXXXXX, used XXXXXXX!
master key, subkey
A] Which normal cases will export only the XXXXXXX subkey keypair (pub+sec)?
--export-secret-subkeys, XXXXXXX!, subkey?
B] Which normal cases will export all of the subkey pairs? Or master keypair
will be included?
--export-secret-subkeys, XXXXXXX, subkey?
A2] Which normal cases will export only the XXXXXXX master keypair (pub+sec)?
--export-secret-keys, XXXXXXX!, master key?
B2] Which normal cases will export all of the keypairs?
C] Does --export works on the particular key ID, if XXXXXXX! is used?
Could you, please, explain a little about how mail clients interact with gpg -
they use library, right? Or simply execute the gpg with the proper arguments
and options? (I see, my KMail can't accept '!', so I ended up curious about
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 653 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users