gpg --card-status always create proxy private keys

Alon Bar-Lev alon.barlev at
Sat Feb 11 22:00:05 CET 2017


This is a change in behaviour, I believe resulted by this[1] commit.
Everytime gpg --card-status is executed the proxy private keys at
~/.gnupg/private-keys-v1.d/ are created, also if no matching public
key in gpg.

It has the side effect of having duplicate keys when trying to
generate keys using gpg --card-edit without actually re-generate the
key on the card (return the same keygrip).

As a result usage of scd which only capable of reusing keys such as
PKCS#11 is now broken.

Interesting is that these keys are not available using gpg
--list-secret-keys as well so they cannot be removed.

If this change was intentional and keys should be cached when invoking
status even if not matching public keys, can you please consider
rewriting the same key when generating the keys?

Real name: test1
Email address: test1 at
You selected this USER-ID:
    "test1 <test1 at>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Key generation failed: File exists



More information about the Gnupg-devel mailing list