I have a smart card with my signing subkey (0xADCF72E06DBC3057), and I have a stubbed master key locally (0xF012A6E298C66655) on the machine; the actual master key is offline. I have the following in my ~/.gnupg/gpg.conf:

    default-key 0xF012A6E298C66655
    local-user 0xADCF72E06DBC3057!

All works well when signing with the default values:

    $ echo test | gpg -vbsa
    gpg: Note: signature key 0x6CDA813213912971 expired Fri 26 Oct 2012 23:17:20 AEDT
    gpg: Note: signature key 0x6CDA813213912971 has been revoked
    gpg: Note: signature key 0x9CA49F44ABCF4EFA expired Mon 21 Jan 2013 14:11:29 AEDT
    gpg: Note: signature key 0x9CA49F44ABCF4EFA has been revoked
    gpg: Note: signature key 0xF9EB425E6D1886A7 expired Wed 02 Nov 2016 22:02:08 AEDT
    gpg: using subkey 0xADCF72E06DBC3057 instead of primary key 0xF012A6E298C66655
    gpg: writing to stdout
    gpg: RSA/SHA512 signature from: "0xADCF72E06DBC3057 Olivier Mehani <shtrom@ssji.net>"
    -----BEGIN PGP SIGNATURE-----
    
    iQEzBAABCgAdFiEEK9H+AsmH1DijNv0qrc9y4G28MFcFAlkAR5oACgkQrc9y4G28
    MFfpygf8CBKoHRH41XUEyEO+qlNqJzq5XDLYq73FrlsY+Yw4wSCV4D6IWUP6efzm
    1XghV7CvlkCE1FtGJYR0dy7iqSdnWftTKmr9q3cu/wptPvwUfv2BhXsFY6982+sg
    DhJW8vGcQ+vXkjV3gVsy/5+Xr3iZA0Zv6cBR2KQJQ3UZXFcGYkoN+4NmBYodkvbz
    ptR8YOVI64tfKSraAXRHPureRq7gy7zGrsqJW4RHMRGQsQ3yA42mOnCR6EvSzQN0
    QxB8pZZajbAo6fZxF3TPYKYWJ/LtG034WE3ZUhJy1AEIIBqwCDTC3drlsMk6mqN3
    /jjYoI21jOwwTu0Q9l+raXALiqrCaQ==
    =9/4p
    -----END PGP SIGNATURE-----

This, however, fails if I specify the same key ID as the local user on the command line:

    $ echo test | gpg -vbsau 0xADCF72E06DBC3057
    gpg: Note: signature key 0x6CDA813213912971 expired Fri 26 Oct 2012 23:17:20 AEDT
    gpg: Note: signature key 0x6CDA813213912971 has been revoked
    gpg: Note: signature key 0x9CA49F44ABCF4EFA expired Mon 21 Jan 2013 14:11:29 AEDT
    gpg: Note: signature key 0x9CA49F44ABCF4EFA has been revoked
    gpg: Note: signature key 0xF9EB425E6D1886A7 expired Wed 02 Nov 2016 22:02:08 AEDT
    gpg: using subkey 0x2349101368E456BD instead of primary key 0xF012A6E298C66655
    gpg: Note: signature key 0x6CDA813213912971 expired Fri 26 Oct 2012 23:17:20 AEDT
    gpg: Note: signature key 0x6CDA813213912971 has been revoked
    gpg: Note: signature key 0x9CA49F44ABCF4EFA expired Mon 21 Jan 2013 14:11:29 AEDT
    gpg: Note: signature key 0x9CA49F44ABCF4EFA has been revoked
    gpg: Note: signature key 0xF9EB425E6D1886A7 expired Wed 02 Nov 2016 22:02:08 AEDT
    gpg: using subkey 0xADCF72E06DBC3057 instead of primary key 0xF012A6E298C66655
    gpg: writing to stdout
    gpg: RSA/SHA512 signature from: "0xADCF72E06DBC3057 Olivier Mehani <shtrom@ssji.net>"
    gpg: signing failed: No secret key
    gpg: signing failed: No secret key

This is rather annoying, as the second mode is how git uses gpg, which leads to signed commits failing with:

    $ git commit -S0xADCF72E06DBC3057 -m 'test'
    error: gpg failed to sign the data
    fatal: failed to write commit object