
How to encrypt by a subkey (multiple subkeys [E]) in GPG (GnuPG)

Tags:

gnupg

pub   rsa4096/22E49AB870AD169A 2017-03-09 [SC]
uid                 [ultimate] Jack Wonda <[email protected]>
uid                 [ultimate] 王杰 <[email protected]>
sub   rsa4096/D39A707D61F13A26 2017-03-09 [E] [expires: 2020-04-25]
sub   rsa4096/11FAB3E82F75B202 2017-04-24 [S] [expires: 2019-04-24]
sub   rsa4096/B305BA41FD1F7793 2017-04-26 [E] [expires: 2019-04-26]

I have two subkeys for encryption, but for now I can only use the last subkey (B305BA41FD1F7793).

For instance:

gpg2 -r D39A707D61F13A26 -e doc
File 'doc.gpg' exists. Overwrite? (y/N) y
gpg2 -d doc.gpg
gpg: encrypted with 4096-bit RSA key, ID B305BA41FD1F7793, created 2017-04-26
      "Jack Wonda <[email protected]>"
123456

Even if I specify the first subkey, it still goes to the last one.

Won Jack asked Feb 04 '23 13:02


1 Answer

You can force gpg to use a specific key by appending an exclamation point to its id. In your case:

gpg2 -r 0xD39A707D61F13A26! -e doc

You can even ask gpg to encrypt with both keys (so you can decrypt with either one of the associated public keys):

gpg2 -r 0xD39A707D61F13A26! -r 0xB305BA41FD1F7793! -e doc

According to the manpage installed on my Arch system (strangely, I can't find the same version elsewhere with the same information):

HOW TO SPECIFY A USER ID

There are different ways to specify a user ID to GnuPG. Some of them are only valid for gpg others are only good for gpgsm. Here is the entire list of ways to specify a key:

By key Id.
          This format is deduced from the length of  the  string  and  its
          content or 0x prefix. The key Id of an X.509 certificate are the
          low 64 bits of its SHA-1 fingerprint.  The use  of  key  Ids  is
          just  a  shortcut,  for all automated processing the fingerprint
          should be used.

          When using gpg an exclamation mark (!) may be appended to  force
          using  the specified primary or secondary key and not to try and
          calculate which primary or secondary key to use.

          The last four lines of the example give the key ID in their long
          form as internally used by the OpenPGP protocol. You can see the
          long key ID using the option --with-colons.
Foaly answered Mar 08 '23 18:03
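
An added example (not part of the answer above and not GnuPG's own code): the shell functions below build the "!"-suffixed recipients from a --with-colons listing by fingerprint, as the manpage excerpt recommends for automated processing, and check the ENC_TO status lines to confirm which subkeys a message was actually encrypted to. The function names are hypothetical, the listing and status lines are constructed samples with placeholder fingerprints, and a GnuPG 2.1+ colon listing (an fpr record after each sub record, dates in epoch seconds) is assumed.

```shell
#!/bin/sh
# Constructed sample of `gpg2 --list-keys --with-colons` output for the key above.
# Fingerprints are zero-padded placeholders; timestamps are assumed epoch seconds.
SAMPLE_LISTING='pub:u:4096:1:22E49AB870AD169A:1489017600:::u:::scESC:
fpr:::::::::00000000000000000000000022E49AB870AD169A:
sub:u:4096:1:D39A707D61F13A26:1489017600:1587772800:::::e:
fpr:::::::::000000000000000000000000D39A707D61F13A26:
sub:u:4096:1:11FAB3E82F75B202:1492992000:1556064000:::::s:
fpr:::::::::00000000000000000000000011FAB3E82F75B202:
sub:u:4096:1:B305BA41FD1F7793:1493164800:1556236800:::::e:
fpr:::::::::000000000000000000000000B305BA41FD1F7793:'

# Constructed sample of status lines (as written with --status-fd during decryption).
SAMPLE_STATUS='[GNUPG:] ENC_TO D39A707D61F13A26 1 0
[GNUPG:] ENC_TO B305BA41FD1F7793 1 0'

# forced_enc_recipients NOW < colon-listing
# Prints "FINGERPRINT!" for every encryption subkey still usable at epoch NOW.
forced_enc_recipients() {
    awk -F: -v now="$1" '
        $1 == "pub" { want = 0 }
        $1 == "sub" {
            want = 0
            if ($12 !~ /e/) next                     # no encryption capability
            if ($2 ~ /^[eri]$/) next                 # expired, revoked or invalid
            if ($7 != "" && $7 + 0 <= now + 0) next  # expiry date has passed
            want = 1
        }
        $1 == "fpr" && want { print $10 "!"; want = 0 }
    '
}

# verify_enc_to KEYID... < status-lines
# Succeeds only if the ENC_TO key IDs are exactly the long key IDs given.
verify_enc_to() {
    want=$(printf '%s\n' "$@" | sort -u)
    got=$(awk '$1 == "[GNUPG:]" && $2 == "ENC_TO" { print $3 }' | sort -u)
    [ "$want" = "$got" ]
}

# Demo on the constructed listing, as of mid-2017: both [E] subkeys qualify.
printf '%s\n' "$SAMPLE_LISTING" | forced_enc_recipients 1500000000
```

Each printed value can be passed to gpg2 as its own -r argument; piping the real listing through forced_enc_recipients "$(date +%s)" skips subkeys that have since expired.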