Order of keys attempted to decrypt
Richard Ulrich
ricul77 at gmail.com
Wed Jun 18 10:46:06 CEST 2014
I have my private sub keys on a smart card, and up until recently
decrypting was always fine.
Then I found out that for signing other people's keys, I need to have
the primary private key available. So I put it on a second smart card as
described here:
http://gnupg.10057.n7.nabble.com/Issues-with-primary-key-amp-subkeys-on-different-smartcards-td32228.html
Now decryption still works, but with a small hiccup:
$ gpg -d test.txt.gpg
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 …
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91
gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E …
gpg: Alles klar, wir sind der ungenannte Empfänger.
gpg: verschlüsselt mit RSA Schlüssel, ID 00000000
It first tries to decrypt using the primary key. And since the card with
the primary key is not plugged in, it outputs an error, before it tries
the sub key that succeeds.
I tried using the -r option to specify the key to use, but it was
seemingly ignored.
Is there a way to specify which key to try first?
The problem I have at the moment is that some scripts fail, probably
because of the error that is output.
For example, it never reaches line 43 of the following script since I
have the stub for the primary key:
https://github.com/ulrichard/locally_encrypted_remote_storage/blob/master/open_locally_encrypted_remote_storage.sh
Rgds
Richard
PS: Out of curiosity: what does the "ID 00000000" mean in the output
from gpg:
gpg: verschlüsselt mit RSA Schlüssel, ID 00000000