ml at ml at
Thu Apr 5 15:27:24 CEST 2012


> This does not happen here (Linux, though). I don't know how to tell gpg which
> key(s) to try first but if you use the command line then there's a
> workaround: You may call gpg with
> --no-default-keyring
> --keyring
> --secret-keyring
> and point it at a file which contains one key only.

gpg2 man page:

--try-secret-key name (>= gpg 2.1?)
For hidden recipients GPG needs to know the keys to use for trial
decryption. The key set with --default-key is always tried first...

So, put "default-key key-id" in gpg.conf and this key will be tried first.

--default-key name
Use name as the default key to sign with. If this option is not used,
the default key is the first key found in the secret keyring.

So I think, if you do not have a default-key defined in gpg.conf, the first
secret key will be tried.

