Page MenuHome GnuPG

Allow encryption/signing in GPGME using a specified subkey
Closed, ResolvedPublic

Description

There is currently no way to encorce signing/encryption to a subkey in GPGME in the same way we allow
it with the '!' suffix on the CLI.

This can be implemented by allowing to set a selected flag in the gpgme_subkey_t. engine-gpg.c could then scan the subkeys for such a flag and use that fingerprint with the '!' suffix.

Event Timeline

marcus moved this task from For next release to Backlog on the gpgme board.
werner claimed this task.

With the recpstring feature in 1.11 this is now possible because the args are passed verbatim to gpg.

@werner Looks like recpstring is only supported for encrypt and encrypt+sign, but not just for signing. Is there a way to specify the subkey to use when signing?

Please see the section 'Selecting Signers'.

@werner This one? https://www.gnupg.org/documentation/manuals/gpgme/Selecting-Signers.html

It doesn't mention subkeys. Signing just seems to use a "default" subkey.