smartcard stub not imported when migrating to gnupg 2.1
wk at gnupg.org
Wed Jul 10 13:22:46 CEST 2013
On Wed, 3 Jul 2013 18:40, alphazo at gmail.com said:
> - One master key for signing with private key material not present
> - One subkey for signing protected by passphrase
> - One subkey for encryption with private key material stored on a
> cryptostick therefore there is a stub here.
> I only got prompted for the passphrase for the signing key.
Right. This is because there is just one real secret key.
> Then when I list the private keys I can see them all with a (#) showing
> that the private key material is not there.
> sec# 4096R/C23D45E6 2010-11-07
> uid Test Key <test at key.com>
> ssb 3072R/4BC5DE67 2010-11-07 [expire : 2014-11-03]
> ssb# 3072R/A45B67C8 2010-11-07 [expire : 2014-11-03]
What I see is that the secret key for 4BC5DE67 is there. That seems to
be the signing subkey.
> However when trying to decrypt gnupg returns that there is no private key
> available for this key. It doesn't aks for the cryptostick as well.
What does "gpg2 --card-status" show? Does it list A45B67C8 as the
second key of the card? But wait. Checking the code I see that there
is indeed something missing: gpg-agent does not know that a smartcard
with the given subkey exists. Thus the internal HAVEKEY query send from
gpg to the agent can only return "no such key". Thus what we need is a
way for gpg to ask gpg-agent to create a stub key if it is missing; we
do this with gpgsm but for whatever reason this has not yet been
implemented in 2.1.
So, please have some more patience; I need to add this for the next
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel