Problems with two active encryption subkeys
Hauke Laging
mailinglisten at hauke-laging.de
Wed Nov 10 16:21:21 CET 2010
Am Mittwoch 10 November 2010 15:38:39 schrieb Sven Klomp:
> I have a public key configuration as follows:
> Primary Key (DSA for signing other keys)
> - Sub-key 1 (Elgamal for encryption)
> - Sub-key 2 (RSA for signing mails/files)
> - Sub-key 3 (RSA for encryption)
>
> How does GnuPG decide, what encryption key should be used? In my tests, a
> file or mail is always encrypted with sub-key 3.
AFAIK gpg takes the (compatible) subkey which is valid for the longest
remaining period. Unfortunately you cannot even force gpg to use a certain
subkey (directly): Giving a subkey ID as encryption target triggers a strange
process: gpg looks for the main key of this ID and then selects the subkey as
if the main key ID had been given...
If you really want to force it then you can export the subkeys to a different
keyring (call gpg with --no-default-keyring and --keyring and import the key),
delete all other subkeys and start the normal encryption afterwards.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101110/53e9be2c/attachment.pgp>
More information about the Gnupg-users
mailing list