By default, keybase seems to invoke gpg something like gpg -u <masterkeyid>. gpg then selects which subkey to sign with by looking for the most recently created subkey with usage S. Obviously this is not always the right key to use; selecting a different subkey is done by invoking gpg like gpg -u <subkeyid>! (note the trailing exclamation mark to force the use of the specific subkey that is named). This applies to all of the signing operations: keybase prove, keybase sign, etc.
I think there is also a similar issue with keybase encrypt; the recipient may have multiple encryption subkeys, in which case gpg will just select the most recently created encryption subkey, but this is not necessarily the one you want to use. If you know that you want to use a different encryption subkey, there should be a way to specify this.
mykey
commented
9 years ago
By default, keybase seems to invoke gpg something like
gpg -u <masterkeyid>. gpg then selects which subkey to sign with by looking for the most recently created subkey with usage S. Obviously this is not always the right key to use; selecting a different subkey is done by invoking gpg likegpg -u <subkeyid>!(note the trailing exclamation mark to force the use of the specific subkey that is named). This applies to all of the signing operations:keybase prove,keybase sign, etc.I think there is also a similar issue with
keybase encrypt; the recipient may have multiple encryption subkeys, in which case gpg will just select the most recently created encryption subkey, but this is not necessarily the one you want to use. If you know that you want to use a different encryption subkey, there should be a way to specify this.