Signing with a key on a smart card
Jérôme Blanc
jerome.blanc at nerim.net
Tue Aug 4 22:01:20 CEST 2009
Hello,
I'm currently toying with an OpenPGP smart card, but I meet some
difficulties getting how this works.
I have the Smart Card properly set up (at least I do think so ;-)) :
[gemini at Gemini ~]$ gpg --card-status
gpg: detected reader `Gemplus GemPC Twin 00 00'
[…]
Signature key ....: 5898 DBEA 1139 733B ACFD 7880 E8B6 F7C5 2B20 7AEF
created ....: 2009-08-02 11:34:17
Encryption key....: A52C FAAC D39F 252D A2C4 0149 2B0F 7310 7C9E D800
created ....: 2009-08-02 11:37:25
Authentication key: D179 47D8 3B01 87A3 3C86 1AB0 2E8D 6DE6 F8D5 6EFC
created ....: 2009-08-04 19:22:04
In the keyring, I have 3 private master keys, for handling 3 different
identities.
In the gpg.conf, the default key is the master key that generated the
subkeys that are on the smart card.
I can cipher and decipher using the keys on the smart card. However,
when I try to sign a file, then I have the following :
[gemini at Gemini ~]$ gpg --sign -u 2B207AEF test.txt
Le fichier `test.txt.gpg' existe. Réécrire par-dessus ? (o/N)
gpg: detected reader `Gemplus GemPC Twin 00 00'
gpg: la signature a échoué: mauvaise clé secrète utilisée
gpg: signing failed: mauvaise clé secrète utilisée
which means => signing failed: wrong secret key used
Signing works with the two other master keys. As well, using the same
card on another computer works, with an empty gpg keyring but the
public keys related to it.
Does this mean I have no other choice but to remove master keys of that
"identity" in order to be able to use the card with my computer ?
Thanks !
Regards,
--
Jérôme Blanc
OpenPGP : 1024D/F44DB96C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20090804/64a16b9f/attachment.pgp>
More information about the Gnupg-users
mailing list