Problems with two active encryption subkeys
mailinglisten at hauke-laging.de
Wed Nov 10 20:20:13 CET 2010
On Wednesday 10 November 2010 19:52:00, MFPA wrote:
> > AFAIK gpg takes the (compatible) subkey which is valid
> > for the longest remaining period.
> I thought GnuPG used the largest available subkey for the task, and
> multiple appropriate subkeys were of the same size the newest would be
I created some more subkeys to check that...
For 2.0.15 you are right in one point and wrong in the other. It is the newer
creation date which is chosen, not the longer remaining validity period. But
the newer key wins against the longer one:
start cmd:> LC_ALL=C gpg --edit-key 71FDC5CB
pub 1024D/0x71FDC5CB created: 2010-02-25 expires: 2011-02-25 usage: C
sub 2048R/0xDA63AFDA created: 2010-11-10 expires: 2011-01-09 usage: E
sub 1024R/0x1860836B created: 2010-11-10 expires: 2010-12-10 usage: E
gpg --encrypt --recipient 71FDC5CB test.html
encrypts for 1860836B, not for the both longer and longer-valid DA63AFDA.
> > Unfortunately you
> > cannot even force gpg to use a certain subkey
> > (directly):
> What happens when you specify the subkey with an exclamation mark (!)
> after the key id?
Funny. That's even explained in the man page. What other secrets may wait
there for discovery...
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
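
An added example, not part of the original message or of GnuPG: a small audit that reads `gpg --with-colons --list-keys` output, lists the encryption subkeys that are usable at a given time, orders them newest-created first (the order the post observed for 2.0.15, not a documented guarantee) and builds the `KEYID!` form that pins one subkey. The sample listing, its zero-padded long key IDs, its timestamps and the function names are constructed for illustration.

```python
# Constructed sample in `gpg --with-colons --list-keys` layout. The short key
# IDs are the ones in the post; zero padding and timestamps are made up.
SAMPLE = """\
pub:u:1024:17:0000000071FDC5CB:1267056000:1298592000::u:::cC:
sub:u:2048:1:00000000DA63AFDA:1289412000:1294596000:::::e:
sub:u:1024:1:000000001860836B:1289412300:1292004300:::::e:
"""

# Constructed "now": a moment on the evening of 2010-11-10 (UTC epoch seconds).
SAMPLE_NOW = 1289416813

# Field 2 validity letters that make a key unusable:
# i = invalid, r = revoked, e = expired, d = disabled.
UNUSABLE = {"i", "r", "e", "d"}


def active_encryption_subkeys(colons, now):
    """Return usable encryption subkeys as dicts, newest creation first."""
    subkeys = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] != "sub" or len(f) < 12:
            continue
        if "e" not in f[11]:          # field 12: lower-case 'e' = can encrypt
            continue
        if f[1] in UNUSABLE:
            continue
        expires = int(f[6]) if f[6] else None   # empty field = never expires
        if expires is not None and expires <= now:
            continue
        subkeys.append({"keyid": f[4], "bits": int(f[2]),
                        "created": int(f[5]), "expires": expires})
    subkeys.sort(key=lambda k: k["created"], reverse=True)
    return subkeys


def recipient_report(colons, now):
    """Flag keys with more than one active encryption subkey."""
    keys = active_encryption_subkeys(colons, now)
    return {
        "ambiguous": len(keys) > 1,
        "newest": keys[0]["keyid"] if keys else None,
        # Value to pass to --recipient to pin exactly one subkey.
        "pin_with": [k["keyid"] + "!" for k in keys],
    }


if __name__ == "__main__":
    print(recipient_report(SAMPLE, SAMPLE_NOW))
```
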