I'm trying to figure out how to cross-sign two keys. One reference says we should use:
gpg --local-user 0xfedcba98 --edit 0x76543210 sign
gpg --local-user 0x76543210 --edit 0xfedcba98 sign
That's an old reference, so I assume we should be using --edit-key now. When I try, I am able to get the first key to sign the second, but the reverse fails...
Edit: After repairing one error having to do with proper quotation of passwords on the command line, I tried Esa's suggestion with --default-key, which appears in his first linked article by Daniel Pecos Martínez. I was still unable to sign the first key by the second. I was getting this error:
$ gpg --default-key 76543210 --edit-key fedcba98 sign
[snip]
gpg: Warning: not using '76543210' as default key: No secret key
gpg: all values passed to '--default-key' ignored
"MyName <me@mine.com>" was already signed by key fedcba98
Nothing to sign with key fedcba98
The solution I found, and this is necessary whether using --edit-key ... sign, --sign-key or --quick-sign-key, is to use --local-user as stated in the link above. --default-key does not work!
The man page says that --local-user overrides --default-key, so I am guessing that the key database has some notion of default which will not be overridden by --default-key but will be by --local-user. I am uncertain, but this may be complicated by the fact that both of my keys have the same UID. If anyone can confirm and maybe even offer a way to change the database's default, perhaps they might add it in the comments.
I am running:
$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
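The working flow from the post (select the certifying key with --local-user, here via --quick-sign-key) as an added, self-contained script that is not part of the original question: it builds two throwaway test keys in a temporary GNUPGHOME, cross-signs them in both directions, and checks with --check-sigs that each key carries a good certification from the other. The identities "Alice Test"/"Bob Test" and the example.test addresses are constructed for the demo and the keys use an empty passphrase.

```sh
#!/bin/sh
# Added example: cross-sign two freshly generated test keys with --local-user
# in an isolated keyring, then verify both certifications.
set -eu

# Non-interactive gpg wrapper (empty passphrase on the constructed test keys).
g() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

# Generate a key for the given user ID and print its fingerprint.
gen_key() {
  g --quick-gen-key "$1" default default never >/dev/null 2>&1
  gpg --batch --with-colons --list-keys "$1" \
    | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Certify key $2 with key $1. --local-user picks the signing key explicitly;
# the post reports that --default-key is ignored here ("No secret key").
cross_sign() {
  g --local-user "$1" --quick-sign-key "$2" 2>/dev/null
}

# Exit 0 if key $1 has a good ("!") certification made by key $2.
is_signed_by() {
  signer_id=$(printf '%s' "$2" | tail -c 16)   # long key ID = last 16 hex digits
  gpg --batch --with-colons --check-sigs "$1" 2>/dev/null \
    | awk -F: -v id="$signer_id" \
        '$1 == "sig" && $2 == "!" && $5 == id { found = 1 } END { exit !found }'
}

A_FPR=""; B_FPR=""
if command -v gpg >/dev/null 2>&1; then
  export GNUPGHOME
  GNUPGHOME=$(mktemp -d)          # isolated keyring; ~/.gnupg is never touched
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
  # Constructed test identities, not real people.
  A_FPR=$(gen_key "Alice Test <alice@example.test>")
  B_FPR=$(gen_key "Bob Test <bob@example.test>")
  cross_sign "$A_FPR" "$B_FPR"
  cross_sign "$B_FPR" "$A_FPR"
  if is_signed_by "$A_FPR" "$B_FPR" && is_signed_by "$B_FPR" "$A_FPR"; then
    echo "cross-signed: $A_FPR <-> $B_FPR"
  else
    echo "cross-signing failed" >&2
    exit 1
  fi
else
  echo "gpg not found; nothing to demonstrate" >&2
fi
```

Run it as a plain script; with --local-user both directions succeed, whereas substituting --default-key reproduces the "not using ... as default key: No secret key" warning from the post.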