We have a package that we're trying to create a detached signature for, to ensure the other end can be confident it's from us.
I know how to specify the correct identities when creating a key-pair since gpg --gen-key specifically asks for the identity. I also know how to export the public and private keys for a given identity:
gpg --armour --output key.public --export me@somewhere.com
gpg --armour --output key.private --export-secret-keys me@somewhere.com
and that the public key should be distributed and imported at the receiving end for verification:
gpg --import key.public
However (my first question), I don't know how to specify a particular key-pair in the situation where a single identity may have more than one. For example, say we have two key-pairs for me@somewhere.com, one for software install packages and one for secure shell access. How would I go about exporting only one of those pairs?
My second question has more to do with generating and verifying a signature over a document.
How does the command:
gpg --output detachedSigDoc --detach-sig inputDoc
actually know which key-pair to use for creating the signature? I see there's a --local-user option which allows you to "specify a user id to use for signing", but how does that work when there are multiple key-pairs for a given identity?
In any case, there doesn't appear to be an equivalent operation for the gpg --verify option, so how can we specify the key-pair to use when checking the source of the file?
For what it's worth, we're using GnuPG version 1 since we're on an embedded system.