Due to an upstream limitation of gpgme, the fwknop client is unable to specify a subkey to use when encrypting/signing (eg. when using a larger subkey for mail encryption and a smaller subkey to ensure SPA packet falls within the maximum MTU) through the gpgme interface. There is an open upstream wishlist item (https://dev.gnupg.org/T3325) and initial discussion on the GnuPG users mail list (https://lists.gnupg.org/pipermail/gnupg-users/2017-August/058824.html). Hopefully helpful to incorporate into the gpgme functions for libfko once upstream enhancement made.