S/MIME questions: how to set default key?

stebe at mailbox.org stebe at mailbox.org
Mon Jan 4 14:12:18 CET 2016

Hi Thomas,

> Currently I'm stumped at signing new mails.
> I always get "error signing data: Certificate expired?"
> I do have two certificates, one that is expired and one that is not.
> I guess the wrong one is chosen; so I tried setting in .muttrc:
> set smime_default_key=0xID2
> but this doesn't change anything, nor did
> set smime_default_key=FI:NG:ER:PR:IN:T2
> Does anyone here know how to fix this?

I haven't used gpgsm yet, but in section 4.2.3 of the info gnupg manual it
is indicated the following.

--default-key USER_ID'
     Use USER_ID as the standard key for signing.  This key is used if
     no other key has been defined as a signing key.  Note, that the
     first `--local-users' option also sets this key if it has not yet
     been set; however `--default-key' always overrides this.

--local-user USER_ID'

     Set the user(s) to be used for signing.  The default is the first
     secret key found in the database.

It seems that gpgsm takes the first entry in the keyring as the one to

--> see 4.1.2 Commands to select the type of operation:

     Create a digital signature.  The key used is either the fist one
     found in the keybox or those set with the `--local-user' option.

So you might set --default-key USER_ID to the one of your new certificate
(second in your output list) and add it to gpgsm.conf; you might as well
use --local-users instead. 
Section 4.8.3 Signing a Message also details that you can modify your
gpgsm.conf to have gpgsm sign with your new key.
"The key used for signing is the default one or the one specified in the
configuration file." So it's here and not the .muttrc file where you have
to change it.

Hope that helps.


More information about the Gnupg-users mailing list