Signing with a key on a smart card

Jérôme Blanc jerome.blanc at
Tue Aug 4 22:01:20 CEST 2009


I'm currently toying with an OpenPGP smart card, but I meet some
difficulties getting how this works. 

I have the Smart Card properly set up (at least I do think so ;-)) : 

[gemini at Gemini ~]$ gpg --card-status

gpg: detected reader `Gemplus GemPC Twin 00 00'
Signature key ....: 5898 DBEA 1139 733B ACFD  7880 E8B6 F7C5 2B20 7AEF
      created ....: 2009-08-02 11:34:17
Encryption key....: A52C FAAC D39F 252D A2C4  0149 2B0F 7310 7C9E D800
      created ....: 2009-08-02 11:37:25
Authentication key: D179 47D8 3B01 87A3 3C86  1AB0 2E8D 6DE6 F8D5 6EFC
      created ....: 2009-08-04 19:22:04
In the keyring, I have 3 private master keys, for handling 3 different

In the gpg.conf, the default key is the master key that generated the
subkeys that are on the smart card.

I can cipher and decipher using the keys on the smart card. However,
when I try to sign a file, then I have the following : 

[gemini at Gemini ~]$ gpg --sign -u 2B207AEF test.txt
Le fichier `test.txt.gpg' existe. Réécrire par-dessus ? (o/N)
gpg: detected reader `Gemplus GemPC Twin 00 00'
gpg: la signature a échoué: mauvaise clé secrète utilisée
gpg: signing failed: mauvaise clé secrète utilisée

which means => signing failed: wrong secret key used

Signing works with the two other master keys.  As well, using the same
card on another computer works, with an empty gpg keyring but the
public keys related to it.

Does this mean I have no other choice but to remove master keys of that
"identity" in order to be able to use the card with my computer ?

Thanks ! 

Jérôme Blanc
OpenPGP : 1024D/F44DB96C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20090804/64a16b9f/attachment.pgp>

More information about the Gnupg-users mailing list