tomasz buchert's page

Multiple signing subkeys in GPG

... or GPG, WTF?

It turns out, that the default signing key used by GPG is always the most recently added key, even if you specify explicitly that you want to use another subkey. Check this out:

$ gpg –default-key 24B17D29 –verbose –sign test.txt
gpg: using subkey 29CBBFD5 instead of primary key 24B17D29

What? Didn’t I just say that I want to sign with 24B17D29? I tried many things, but GPG was very persistent. Finally, I found, thanks to this one, that if you really, really, really want to force a subkey, you must put an exclamation mark after its ID.

So there you have it:

$ gpg –default-key 24B17D29! –verbose –sign test.txt

It is documented in the man page, granted, but I still think that the standard behavior sucks.


inspired by classicthesis / 2015