Recipe 7.8 Setting a Default Key

7.8.1 Problem

You want a designated secret key to be your default for gpg operations.

7.8.2 Solution

List your keys: [Recipe 7.7]

$ gpg --list-secret-keys

Then locate the desired secret (sec) key, and specify its ID in your ~/.gnupg/options file:

~/.gnupg/options:
default-key ID_goes_here

7.8.3 Discussion

Most often, people have only a single secret key, which GnuPG uses by default. This recipe applies if you have generated multiple secret keys for particular purposes. For example, if you're a software developer, you might have a separate key for signing software releases, in addition to a personal key.

gpg places keys into keyring files held in your account. View your default keyring with:

$ gpg --list-secret-keys
/home/smith/.gnupg/secring.gpg
---------------------------------
sec  1024D/967D108B 2001-02-21 Shawn Smith (My work key) <smith@example.com>
ssb  2048g/6EA5084A 2001-02-21
sec  1024D/2987358A 2000-06-04 S. Smith (other key) <smith@example.com>
ssb  2048g/FC9274C2 2000-06-04

Normally the first secret (sec) key listed is the default for GnuPG operations. To change this, edit the GnuPG options file, ~/.gnupg/options, which is automatically created by gpg with default values. Modify the default-key line, setting its value to the ID of your desired secret key:

~/.gnupg/options:
default-key 2987358A
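
The edit described above can be scripted so that a mistyped ID, or a subkey (ssb) ID, never reaches the options file. This is an added example, not code from the original recipe: the function names are hypothetical, the sample listing is the one shown above, and it assumes the listing format printed in this recipe.

```shell
#!/bin/sh
# Constructed sample input: the key listing shown in this recipe.
sample_listing() {
cat <<'EOF'
/home/smith/.gnupg/secring.gpg
---------------------------------
sec  1024D/967D108B 2001-02-21 Shawn Smith (My work key) <smith@example.com>
ssb  2048g/6EA5084A 2001-02-21
sec  1024D/2987358A 2000-06-04 S. Smith (other key) <smith@example.com>
ssb  2048g/FC9274C2 2000-06-04
EOF
}

# Read a listing on stdin and print the IDs of primary secret keys
# (sec lines only; ssb subkeys are skipped).
secret_key_ids() {
    awk '$1 == "sec" { split($2, a, "/"); print a[2] }'
}

# Usage: gpg --list-secret-keys | set_default_key ID OPTIONS_FILE
# Refuses an ID that is not a primary secret key in the listing (returns 1).
# Otherwise replaces any active default-key line, or appends one, leaving
# every other line (including commented-out ones) untouched.
set_default_key() {
    id=$1
    opts=$2
    secret_key_ids | grep -qxF "$id" || {
        echo "refusing: $id is not a secret (sec) key in the listing" >&2
        return 1
    }
    [ -f "$opts" ] || : > "$opts"
    tmp=$(mktemp) || return 1
    awk -v id="$id" '
        $1 == "default-key" { if (!done) print "default-key " id; done = 1; next }
        { print }
        END { if (!done) print "default-key " id }
    ' "$opts" > "$tmp" && cat "$tmp" > "$opts"   # cat keeps the file mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

On a real account the listing comes from gpg itself, as in: gpg --list-secret-keys | set_default_key 2987358A ~/.gnupg/options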

7.8.4 See Also

Key IDs can also be specified by email address or other identifying information: see the gpg(1) manpage. We find using key IDs to be easy and unambiguous.


