Problems with two active encryption subkeys

Sven Klomp mail at
Wed Nov 10 15:38:39 CET 2010


On Friday 05 November 2010 11:58:13 Sven Klomp wrote:
> since I bought a Crypto Stick [1], I had to add an additional RSA sub-key for encryption, since the stick doesn't support Elgamal. Thus, I have two encryption keys in my public keyring now. How does gpg decide which one to use for encryption? I thought, that every key is used and I can decide to use the Elgamal or RSA key for decryption. But it seems, that only one sub-key is used (RSA) for encryption.
> Do I have a general misunderstanding of the concept?

Does nobody have a hint for me? Maybe my description was a little bit vague. Let's start again :-)

I have a public key configuration as follows:
Primary Key (DSA for signing other keys)
- Sub-key 1 (Elgamal for encryption)
- Sub-key 2 (RSA for signing mails/files)
- Sub-key 3 (RSA for encryption)

How does GnuPG decide, what encryption key should be used? In my tests, a file or mail is always encrypted with sub-key 3. But why? I'm afraid, that some other applications may choose the Elgamal sub-key... I thought a normal behaviour would be to use all valid sub-keys for encrypting files.
Is it only allowed to have one valid encryption sub-key?


More information about the Gnupg-users mailing list