How to use a specific GnuPG subkey

I seldom use GnuPG to encrypt and sign stuff and I've recently started using a smartcard to simplify my workflow whenever I'm not at my primary computer.

Quick recap

By default GnuPG creates two keys:

  • a CS master key to Certify and Sign
  • an E subkey to Encrypt

As you may expect, carrying my master key around with me is particularly dangerous, so I decided to generate a new subkey just for signing purposes.
There are plenty of tutorials explaining how to do that and how to provision an OpenPGP-compliant smartcard; besides, that is not the goal of this quick post.

As I have a few subkeys in my GnuPG keychain with the same usage (e.g. S to Sign), GnuPG picks the most recently generated valid subkey for the requested operation. But how can I change that?
For example, if these were my subkeys:

sec#  rsa4096 2021-11-20 [SC] [expires: 2022-01-20]
      5CCC60729FB16E6408B3CC2889257ACDC4B3499C
uid           [ultimate] John Doe (DUMMY KEY FOR DEMO PURPOSES DO NOT USE) <fake.john@fake-domain.nope>
ssb   rsa4096 2021-11-20 [E] [expires: 2022-01-20]
      A22074347A21A2D4CEEE76915B757ECDEFF73346
ssb>  rsa4096 2021-11-21 [S] [expires: 2022-01-20]
      7775DA41CE45460A38C402136404B97904A6B3C5
ssb   ed25519 2021-11-25 [S] [expires: 2021-12-25]
      5B5822CD8CC3DEDF83E2FF06645E86A7FC15B6AE

How would I actually sign with key 6404B97904A6B3C5 instead of the last one?
gpg(1) mentions the --local-user argument. However, upon trying it, it does not seem to achieve the goal of picking the right subkey: given the primary key, GnuPG still selects the newest signing subkey on its own.

After an awful lot of googling around, I found the answer to my question on a thread from 2002.

The way to correctly select an existing subkey is to append a ! to the key ID (or fingerprint) to be used; the ! tells GnuPG to use exactly that key rather than the primary key's preferred subkey.
For example, to produce a clear-signed message with the subkey 6404B97904A6B3C5 above, the command should be:

gpg --clear-sign --local-user 7775DA41CE45460A38C402136404B97904A6B3C5!
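To see the ! suffix at work end to end, here is an added example (not from the original post) that builds a throwaway key in a temporary GNUPGHOME with a cert-only primary key and two signing subkeys, signs with each subkey explicitly, and reads the VALIDSIG status line to confirm which subkey actually made the signature. It assumes gpg 2.1 or later (for the --quick-* commands) and the constructed user ID shown in the script.

```shell
#!/bin/sh
# Added example: demonstrate that "fingerprint!" selects exactly that subkey,
# while the primary fingerprint alone lets GnuPG pick the newest signing subkey.
set -eu

# Fresh, isolated keyring so nothing touches the real ~/.gnupg
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT

# Constructed identity; the key is unprotected (empty passphrase) and throwaway
UID_STR="Demo User (constructed key, do not use) <demo@example.invalid>"
GPG_BATCH="gpg --batch --quiet --pinentry-mode loopback --passphrase"

# Cert-only primary key, then two signing subkeys created a second apart so
# that the second one is unambiguously the "newest" valid signing subkey
$GPG_BATCH '' --quick-generate-key "$UID_STR" ed25519 cert never
FPR="$(gpg --with-colons --list-keys "$UID_STR" | awk -F: '$1=="fpr"{print $10; exit}')"
$GPG_BATCH '' --quick-add-key "$FPR" ed25519 sign never
sleep 1
$GPG_BATCH '' --quick-add-key "$FPR" ed25519 sign never

# In --with-colons output each "sub" record is followed by its own "fpr" record
subkey_fprs() {
    gpg --with-colons --list-keys "$FPR" \
        | awk -F: '$1=="sub"{want=1; next} $1=="fpr" && want {print $10; want=0}'
}
OLD_SUB="$(subkey_fprs | sed -n 1p)"
NEW_SUB="$(subkey_fprs | sed -n 2p)"

# Clear-sign a constructed message as the given --local-user spec and print the
# fingerprint of the key that really signed it (third field of VALIDSIG)
signer_for() {
    _sig="$(mktemp)"
    printf 'constructed test message\n' \
        | gpg --batch --quiet --clear-sign --local-user "$1" > "$_sig"
    gpg --status-fd 1 --verify "$_sig" 2>/dev/null \
        | awk '$1=="[GNUPG:]" && $2=="VALIDSIG" {print $3}'
    rm -f "$_sig"
}

main() {
    echo "older subkey:  $OLD_SUB"
    echo "newer subkey:  $NEW_SUB"
    echo "primary only ->  $(signer_for "$FPR")"          # newest signing subkey
    echo "older!       ->  $(signer_for "${OLD_SUB}!")"   # exactly the older one
    echo "newer!       ->  $(signer_for "${NEW_SUB}!")"   # exactly the newer one
}
main
```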