gpgsm --gen-key with existing key from "ssh-add" fails

Werner Koch wk at
Sun Mar 29 18:16:03 CEST 2020

On Thu, 26 Mar 2020 09:54, Daniel Kahn Gillmor said:

>     Now creating self-signed certificate.  This may take a while ...
>     gpgsm: error setting the public key: Invalid S-expression
>     gpgsm: error creating certificate request: Invalid S-expression <KSBA>
> note that the key created by ssh-key is 3072-bit RSA, not 1024.

> Using nettle-bin's sexp-conv, i see:

Better don't use Nettle's tool because it encodes un("|....|") but GnuPG
only implements only hex encoding ("#...#").  Binary output would thus
be easier to analyze, or put


into gpg-agent.conf and change the passphrase so that that the file gets
rewritten.  I fear that single stepping is the best way to track this

BTW, That option is anyway the default in 2.3 because it allows to add
meta data with an editor, like

 Label: My key on the green painted yubikey.
 Key: ....

The Label for example is shown by the pinentry.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 2734 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list