the preference of signing keys question

Kārlis Repsons karlis.repsons at
Sat Jun 6 16:52:03 CEST 2009

On Saturday 06 June 2009 13:30:08 David Shaw wrote:
> On Jun 6, 2009, at 5:26 AM, Kārlis Repsons wrote:
> > Hi,
> > still I have questions :)
> > This time: is there some gnupg dictated way of setting preference of
> > which
> > signing/encrypting key to use? For example, I have a long RSA
> > subkey, which I
> > created just in case. I'd like to use DSA now, but my mailer somehow
> > preferred RSA subkey.
> GPG will use the most recent valid subkey for a given purpose (i.e.
> the most recent valid signing key, the most recent valid encryption
> key).  If you want to force the use of a particular key, instead of
> specifying your key as XXXXXXX (the key id), specify the exact key or
> subkey you want as XXXXXXXX! (the key id plus an exclamation mark).
> David

This ends up with me willing to assert about the possible combinations:

Three sets from which to combine:
set 1:
--export-secret-subkeys, --export-secret-keys, --export

set 2:

set 3:
master key, subkey

A] Which normal cases will export only the XXXXXXX subkey keypair (pub+sec)?
Are they
--export-secret-subkeys, XXXXXXX!, subkey?

B] Which normal cases will export all of the subkey pairs? Or master keypair 
will be included?
Are they
--export-secret-subkeys, XXXXXXX, subkey?

A2] Which normal cases will export only the XXXXXXX master keypair (pub+sec)?
Are they
--export-secret-keys, XXXXXXX!, master key?

B2] Which normal cases will export all of the keypairs?
Are they
--export-secret-keys, XXXXXXX?

C] Does --export works on the particular key ID, if XXXXXXX! is used?

Could you, please, explain a little about how mail clients interact with gpg - 
they use library, right? Or simply execute the gpg with the proper arguments 
and options? (I see, my KMail can't accept '!', so I ended up curious about 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 653 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090606/22b97389/attachment.pgp>

More information about the Gnupg-users mailing list