I'm trying to sign a message, and I have only one key usable for signatures in the keyring:
    $ gpg -K
    /tmp/test-keyring/pubring.kbx
    -------------------------------
    sec>  rsa2048 2012-01-16 [C] [expires: 2024-05-15]
          CB522FE0379DDF40A93400D7E4BC91FACDA9A65B
          Card serial no. = 00nn 00nnnnnn
    uid           [ unknown] John Doe <username@example.com>
    ssb#  rsa2048 2012-01-16 [S] [expires: 2024-05-14]
    ssb   rsa3072 2012-01-16 [S] [expires: 2024-05-15]
GnuPG says my public key is unusable:
    $ echo test | gpg --clearsign
    gpg: no default secret key: Unusable public key
    gpg: [stdin]: clear-sign failed: Unusable public key
But if I specify that user ID directly, it works as it should:
    $ echo test | gpg --clearsign --default-key username@example.com
    gpg: using "username@example.com" as default secret key for signing
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    test
    -----BEGIN PGP SIGNATURE-----
The manual says it should be working out of the box:
    --default-key name
        Use name as default user ID for signatures. If this is not used the default user ID is the first user ID found in the secret keyring.
Conversely, if I remove the card, signing also starts working as expected.
I'm using GnuPG 2.2.19:
    $ gpg --version
    gpg (GnuPG) 2.2.19
    libgcrypt 1.8.5
I'll be happy to give detailed instructions for achieving this setup, if this issue is non-obvious.
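An added diagnostic sketch, not part of the original question: it parses `gpg -K --with-colons` output and reports, for each key with its own signing capability, whether the secret part is on disk, on a card, or only a stub (the `>` and `#` markers in the listing above). The sample record is constructed to mirror that listing; the subkey IDs, timestamps and card serial are placeholders.

```python
# Added example: classify signing-capable keys from `gpg -K --with-colons`.
# SAMPLE is constructed to mirror the listing in the question; subkey IDs,
# timestamps and the card serial are placeholders, not real values.
SAMPLE = """\
sec:u:2048:1:E4BC91FACDA9A65B:1326672000:1715731200::u:::cSC:::CARD_SERIAL_PLACEHOLDER::0:
fpr:::::::::CB522FE0379DDF40A93400D7E4BC91FACDA9A65B:
uid:u::::1326672000::0000000000000000000000000000000000000000::John Doe <username@example.com>::::::::::0:
ssb:u:2048:1:1111111111111111:1326672000:1715644800:::::s:::#::
ssb:u:3072:1:2222222222222222:1326672000:1715731200:::::s:::+::
"""

UNUSABLE_VALIDITY = set("eridn")  # expired, revoked, invalid, disabled, not valid


def secret_location(token):
    """Interpret field 15 of a sec/ssb record."""
    if token == "#":
        return "stub"          # listed, but no secret material (ssb#)
    if token == "+":
        return "on disk"
    if token:
        return "on card"       # field holds the token serial (sec>/ssb>)
    return "unknown"


def signing_keys(colons):
    """Return (record, keyid, bits, location, usable) for keys with own 's' capability."""
    rows = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb"):
            continue
        f += [""] * (15 - len(f))          # tolerate short records
        validity, bits, keyid, caps, token = f[1], f[2], f[4], f[11], f[14]
        if "s" not in caps:                # lowercase = this key's own capability
            continue
        loc = secret_location(token)
        usable = loc in ("on disk", "on card") and validity not in UNUSABLE_VALIDITY
        rows.append((f[0], keyid, int(bits), loc, usable))
    return rows


if __name__ == "__main__":
    for row in signing_keys(SAMPLE):
        print(row)
```

A key reported as "on card" is only usable while that card is inserted; the parser does not check for the card's presence.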