the preference of signing keys question

Ingo Klöcker kloecker at kde.org
Sat Jun 6 17:30:29 CEST 2009


On Saturday 06 June 2009, Kārlis Repsons wrote:
> On Saturday 06 June 2009 13:30:08 David Shaw wrote:
> > On Jun 6, 2009, at 5:26 AM, Kārlis Repsons wrote:
> > > Hi,
> > > still I have questions :)
> > > This time: is there some gnupg dictated way of setting preference
> > > of which signing/encrypting key to use? For example, I have a long
> > > RSA subkey, which I created just in case.

What do you mean by "just in case"? Do you want to use the RSA subkey 
for certain messages?


> > > I'd like to use DSA now, but my mailer 
> > > somehow preferred RSA subkey.
> >
> > GPG will use the most recent valid subkey for a given purpose (i.e.
> > the most recent valid signing key, the most recent valid encryption
> > key).  If you want to force the use of a particular key, instead of
> > specifying your key as XXXXXXX (the key id), specify the exact key
> > or subkey you want as XXXXXXXX! (the key id plus an exclamation
> > mark).
> >
> > David
>
> This ends up with me willing to assert about the possible
> combinations:
>
> Three sets from which to combine:
> set 1:
> --export-secret-subkeys, --export-secret-keys, --export
>
> set 2:
> used XXXXXXX, used XXXXXXX!
>
> set 3:
> master key, subkey
>
> A] Which normal cases will export only the XXXXXXX subkey keypair
> (pub+sec)? Are they
> --export-secret-subkeys, XXXXXXX!, subkey?
>
> B] Which normal cases will export all of the subkey pairs? Or master
> keypair will be included?
> Are they
> --export-secret-subkeys, XXXXXXX, subkey?
>
> A2] Which normal cases will export only the XXXXXXX master keypair
> (pub+sec)? Are they
> --export-secret-keys, XXXXXXX!, master key?
>
> B2] Which normal cases will export all of the keypairs?
> Are they
> --export-secret-keys, XXXXXXX?
>
> C] Does --export work on the particular key ID, if XXXXXXX! is used?
>
>
> Could you, please, explain a little about how mail clients interact
> with gpg - they use library, right?

I guess that depends on the mail client. KMail uses the gpgme library.


> Or simply execute the gpg with the proper arguments and options? (I
> see, my KMail can't accept '!', so I ended up curious about it)

KMail does not support the selection of a specific subkey.


Regards,
Ingo
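
Added example, not part of the original thread and not GnuPG's own code: a small Python model of the selection rule David Shaw describes (most recent valid subkey for a purpose, unless the key ID carries a trailing `!`), run over a constructed colon-format key listing. The key IDs, timestamps, and the fallback to the primary key when no subkey qualifies are assumptions made for the illustration.

```python
# Added illustration: a model of the selection rule, not GnuPG's own code.
# Constructed sample in the style of `gpg --list-keys --with-colons`
# (epoch timestamps, as --fixed-list-mode prints them): a DSA primary,
# an ElGamal encryption subkey and two RSA signing subkeys, one revoked.
LISTING = """\
pub:u:1024:17:AAAAAAAA11111111:1180000000:::u:::scESC:
sub:u:2048:16:AAAAAAAA22222222:1180000000::::::e:
sub:u:4096:1:AAAAAAAA33333333:1240000000::::::s:
sub:r:4096:1:AAAAAAAA44444444:1243000000::::::s:
"""

UNUSABLE = set("ider")  # validity flags: invalid, disabled, expired, revoked


def parse_keys(listing):
    """Return one dict per pub/sub record of a colon listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 11:
            keys.append({"primary": f[0] == "pub", "keyid": f[4].upper(),
                         "created": int(f[5]), "caps": f[11],
                         "valid": f[1] not in UNUSABLE})
    return keys


def pick_key(listing, spec, usage):
    """Predict the key ID used for usage 's' (sign) or 'e' (encrypt)."""
    usable = [k for k in parse_keys(listing)
              if k["valid"] and usage in k["caps"]]
    if spec.endswith("!"):
        # Trailing '!': only that exact key or subkey may be used.
        wanted = spec[:-1].upper()
        hits = [k for k in usable if k["keyid"].endswith(wanted)]
        return hits[0]["keyid"] if hits else None
    # No '!': the most recent valid subkey for the purpose wins.
    subkeys = [k for k in usable if not k["primary"]]
    if subkeys:
        return max(subkeys, key=lambda k: k["created"])["keyid"]
    # Assumption: with no usable subkey, the primary key is used.
    primary = [k for k in usable if k["primary"]]
    return primary[0]["keyid"] if primary else None


if __name__ == "__main__":
    for spec in ("AAAAAAAA11111111", "11111111!", "44444444!"):
        print(spec, "->", pick_key(LISTING, spec, "s"))
```

In the sample, the plain key ID resolves to the newer RSA signing subkey rather than the DSA primary, the situation described in the original question, while `11111111!` pins the primary key.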