I have an OpenPGP smart card key (YubiKey NEO) as well as a local secret key installed in my GnuPG keyring.
I'd like to encrypt and sign a file with my card's key, not the key in my keyring. How can I specify what key I'd like to sign with?
If my filesystem secret key id is DEADBEEF and my smartcard key is DEADBEE5, how do I sign with that key?
--local-user is the same as using --default-user as in my answer – Anthon Dec 06 '14 at 09:00
--default-* should be recommended for this usage. I have been on the GnuPG mailinglist for years. I have never seen something like that before. – Hauke Laging Dec 06 '14 at 09:06
-key in its name feels much more appropriate when I want to use a specific key than specifying something with -user YMMV. – Anthon Dec 06 '14 at 09:19
--default-key in his comment above. Running with that, one difference between --local-user and --default-key in my experience, is that the first fails if a matching key isn't present, while the second will fall back to other keys. For that reason, I'd be very wary of putting --default-key in scripts. – Jack O'Connor Jun 19 '18 at 20:37
--default-key says "If there is no secret key available for any of the specified values, GnuPG will not emit an error message but continue as if this option wasn't given." – wisbucky Dec 03 '19 at 00:22
--local-user can also use the email. Oh Yeah! – Evan Hu Jul 11 '22 at 07:42
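The comments above warn that a script can end up signing with a different key than intended. The following is an added example, not part of the original thread: it reads gpg's `--status-fd` output and rejects the result unless every `SIG_CREATED` line names the expected key. The function names are hypothetical, the fingerprints are constructed, and the key ID is assumed to be the bare hex ID of the actual signing (sub)key.

```shell
#!/bin/sh
# Added example: fail closed when gpg signs with a key other than the
# intended one. Key IDs are the placeholders used in the question.

# Print the fingerprint from each SIG_CREATED status line read on stdin.
# Line format (GnuPG doc/DETAILS):
#   [GNUPG:] SIG_CREATED <type> <pk_algo> <hash_algo> <class> <timestamp> <keyfpr>
sig_created_fprs() {
    awk '$1 == "[GNUPG:]" && $2 == "SIG_CREATED" && NF >= 8 { print toupper($8) }'
}

# Succeed only if status text $1 reports at least one signature and every
# reported fingerprint ends with key ID $2 (case-insensitive).
signed_only_by() {
    want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    fprs=$(printf '%s\n' "$1" | sig_created_fprs)
    [ -n "$fprs" ] || return 1
    for fpr in $fprs; do
        case "$fpr" in
            *"$want") ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Sign and encrypt file $1 to recipient $2 with signing key $3, then check
# which key gpg really used. The output is deleted if the check fails.
sign_encrypt_with() {
    status=$(gpg --batch --yes --status-fd 1 --local-user "$3" \
        --recipient "$2" --output "$1.gpg" --sign --encrypt "$1") || return 1
    signed_only_by "$status" "$3" || { rm -f "$1.gpg"; return 1; }
}

# Constructed status output (fingerprints are made up for this example).
CARD_STATUS='[GNUPG:] BEGIN_SIGNING H8
[GNUPG:] SIG_CREATED S 1 8 00 1417856400 0123456789ABCDEF0123456789ABCDEFDEADBEE5'
DISK_STATUS='[GNUPG:] SIG_CREATED S 1 8 00 1417856400 0123456789ABCDEF0123456789ABCDEFDEADBEEF'

signed_only_by "$CARD_STATUS" DEADBEE5 && echo "card key: accepted"
signed_only_by "$DISK_STATUS" DEADBEE5 || echo "keyring key: rejected"
```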