7.8. Setting a Default Key
Problem
You want a designated secret key to be your default for gpg operations.
Solution
List your keys: [Recipe 7.7]
$ gpg --list-secret-keys
Then locate the desired secret (sec) key, and specify its ID in your ~/.gnupg/options file:
~/.gnupg/options:
default-key ID_goes_here
Discussion
Most often, people have only a single secret key that GnuPG uses by default. This recipe applies if you have generated multiple secret keys for particular purposes. For example, if you’re a software developer, you might have a separate key for signing software releases, in addition to a personal key.
gpg places keys into keyring files held in your account. View your default keyring with:
$ gpg --list-secret-keys
/home/smith/.gnupg/secring.gpg
---------------------------------
sec 1024D/967D108B 2001-02-21 Shawn Smith (My work key) <smith@example.com>
ssb 2048g/6EA5084A 2001-02-21
sec 1024D/2987358A 2000-06-04 S. Smith (other key) <smith@example.com>
ssb 2048g/FC9274C2 2000-06-04
Normally the first secret (sec) key listed is the default for GnuPG operations. To change this, edit the GnuPG options file, ~/.gnupg/options, which is automatically created by gpg with default values. Modify the default-key line, setting its value to the ID of your desired secret key:
~/.gnupg/options:
default-key 2987358A
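The same edit as a script, added here as an example and not taken from the book: it accepts only an ID that appears on a sec line of a listing in the format shown above (so a subkey ID or a typo is refused), then replaces any existing default-key line instead of stacking a second one. The function names list_sec_ids, set_default_key and sample_listing are assumptions of this example, and sample_listing is constructed from the listing on this page.

```shell
#!/bin/sh
# Added example: validate a key ID against the secret-key listing, then
# write it as the single default-key line of an options file.
# Real use: gpg --list-secret-keys | set_default_key 2987358A ~/.gnupg/options

# Constructed sample input, copied from the listing shown in this recipe.
sample_listing() {
    cat <<'EOF'
/home/smith/.gnupg/secring.gpg
---------------------------------
sec 1024D/967D108B 2001-02-21 Shawn Smith (My work key) <smith@example.com>
ssb 2048g/6EA5084A 2001-02-21
sec 1024D/2987358A 2000-06-04 S. Smith (other key) <smith@example.com>
ssb 2048g/FC9274C2 2000-06-04
EOF
}

# Print the ID of every primary secret key (lines whose first field is "sec").
# The second field looks like "1024D/967D108B"; the ID follows the slash.
list_sec_ids() {
    awk '$1 == "sec" { split($2, a, "/"); print a[2] }'
}

# set_default_key ID OPTIONS_FILE   (listing is read from stdin)
# Returns 1 and leaves the file untouched if ID is not a listed sec key.
set_default_key() {
    id=$1
    file=$2
    if ! list_sec_ids | grep -qxF "$id"; then
        echo "set_default_key: no secret key with ID $id" >&2
        return 1
    fi
    touch "$file"
    # Temp file beside the target so the final mv is a same-directory rename.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Drop active default-key lines; commented-out ones are kept as they are.
    grep -v '^[[:space:]]*default-key[[:space:]]' "$file" > "$tmp" || true
    echo "default-key $id" >> "$tmp"
    mv "$tmp" "$file"
}
```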
See Also
Key IDs can also be specified by email address or other identifying information: see the gpg(1) manpage. We find using key IDs to be easy and unambiguous.