diff --git a/monkeysign/tests/test_ui.py b/monkeysign/tests/test_ui.py
index 40461bf635becc416d5ea9a039eb54abaab957fe..c1055ffe82543263fbb44091f6c79404388b1d39 100755
--- a/monkeysign/tests/test_ui.py
+++ b/monkeysign/tests/test_ui.py
@@ -370,6 +370,22 @@ this duplicates tests from the gpg code, but is necessary to test later function
             if 'rev:' in uid:
                 self.assertNotIn('sig:::1:A31E75E4323F39BD', uid)
 
+    def test_multiple_secrets(self):
+        """test if we pick the right key define in gpg.conf"""
+        # configure gpg to use the *first* test key as a default key
+        with open(os.path.join(self.ui.keyring.homedir, 'gpg.conf'), 'w') as f:
+            f.write('default-key 96F47C6A')
+        self.ui.prepare()
+        self.test_copy_secrets()
+        self.ui.keyring.import_data(open(find_test_file('323F39BD.asc')).read())
+        self.ui.keyring.import_data(open(find_test_file('323F39BD-secret.asc')).read())
+        self.test_copy_secrets()
+        self.ui.sign_key()
+        self.ui.tmpkeyring.context.call_command(['list-sigs', '7B75921E'])
+        # this is the secondary test key, it shouldn't have signed this
+        self.assertNotIn('sig:::1:A31E75E4323F39BD:',
+                         self.ui.tmpkeyring.context.stdout)
+
     def test_create_mail_multiple(self):
         """test if exported keys contain the right uid"""
         self.test_sign_key()
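Review bot: The only assertion in `test_multiple_secrets` is negative, so the test also passes when `sign_key()` produces no signature at all or when key selection fails for an unrelated reason. Add a positive check that the configured default key did sign, e.g. `self.assertIn('sig:::1:<LONG_KEYID_OF_96F47C6A>:', self.ui.tmpkeyring.context.stdout)`, with the real long key id in place of the placeholder. The two `open(find_test_file(...)).read()` calls also leave their file handles unclosed; a `with` block like the one used for gpg.conf a few lines above would be consistent.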
diff --git a/monkeysign/ui.py b/monkeysign/ui.py
index 5522aebae264f8813ed6319bd5adb4ec23975ff2..10fd6bf82ed5b9aa423560c48446c22f3386345b 100644
--- a/monkeysign/ui.py
+++ b/monkeysign/ui.py
@@ -574,9 +574,23 @@ chose. it could vary based on default-key, for example, or some weird
 ordering.
         """
         logger.info(_('copying your public key to temporary keyring in %s') % self.tmpkeyring.homedir)
-        # detect the proper uid
-        keys = self.keyring.get_keys(self.options.user, True, False)
 
+        # detect default key setting
+        default_key = self.options.user
+        try:
+            with open(os.path.join(self.tmpkeyring.homedir,
+                                   'gpg.conf'), 'r') as conf:
+                result = re.search(r'^default-key\s+(.*)$', conf.read(), re.M)
+                if result:
+                    default_key = result.group(1)
+                    logging.info(_('found default-key setting: %s'), default_key)
+        except IOError as e:
+            if e.errno != errno.ENOENT:
+                raise
+        logging.info(_('looking for key %s'), default_key)
+
+        # detect the proper uid
+        keys = self.keyring.get_keys(default_key, True, False)
         for fpr, key in keys.iteritems():
             logger.info(_('found secret key: %s'), key)
             if not key.invalid and not key.disabled and not key.expired and not key.revoked:
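Review bot: A `default-key` line in gpg.conf silently replaces `self.options.user` here, because `default_key` is overwritten whenever the regex matches. If `options.user` carries an explicit choice by the user, that choice should win (GnuPG itself lets `--local-user` override `--default-key`); otherwise a key other than the one requested may be selected for signing. Guard the config lookup with `if not self.options.user:` so the file is consulted only when no key was given. The captured value should also be stripped, `default_key = result.group(1).strip()`, since `(.*)$` keeps trailing whitespace or a `\r`, and the two new messages call `logging.info` where the rest of the function uses `logger.info`. The enclosing function starts and ends outside the hunk.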