Signing with a key on a smart card

Jérôme Blanc jerome.blanc at nerim.net
Wed Sep 2 10:55:34 CEST 2009


Hello, 

Could anyone explain to me how gpg chooses which secret key to use, or
how I could tell gpg which one to use?

Or maybe a way I can tell gpg not to use the smart card while on a
certain computer.

I still don't get why it doesn't manage to use the proper secret key
and Google is definitely not my friend.

Thanks 

On Tuesday 04 August 2009 at 22:01, Jérôme Blanc
<jerome.blanc at nerim.net> wrote:

> Hello, 
> 
> I'm currently toying with an OpenPGP smart card, but I meet some
> difficulties getting how this works. 
> 
> I have the Smart Card properly set up (at least I do think so ;-)) : 
> 
> [gemini at Gemini ~]$ gpg --card-status
> 
> gpg: detected reader `Gemplus GemPC Twin 00 00'
> […]
> Signature key ....: 5898 DBEA 1139 733B ACFD  7880 E8B6 F7C5 2B20 7AEF
>       created ....: 2009-08-02 11:34:17
> Encryption key....: A52C FAAC D39F 252D A2C4  0149 2B0F 7310 7C9E D800
>       created ....: 2009-08-02 11:37:25
> Authentication key: D179 47D8 3B01 87A3 3C86  1AB0 2E8D 6DE6 F8D5 6EFC
>       created ....: 2009-08-04 19:22:04
> 
> In the keyring, I have 3 private master keys, for handling 3 different
> identities. 
> 
> In the gpg.conf, the default key is the master key that generated the
> subkeys that are on the smart card.
> 
> I can cipher and decipher using the keys on the smart card. However,
> when I try to sign a file, then I have the following : 
> 
> [gemini at Gemini ~]$ gpg --sign -u 2B207AEF test.txt
> Le fichier `test.txt.gpg' existe. Réécrire par-dessus ? (o/N)
> gpg: detected reader `Gemplus GemPC Twin 00 00'
> gpg: la signature a échoué: mauvaise clé secrète utilisée
> gpg: signing failed: mauvaise clé secrète utilisée
> 
> which means => signing failed: wrong secret key used
> 
> Signing works with the two other master keys.  As well, using the same
> card on another computer works, with an empty gpg keyring but the
> public keys related to it.
> 
> Does this mean I have no other choice but to remove master keys of
> that "identity" in order to be able to use the card with my computer ?
> 
> Thanks ! 
> 
> Regards,


-- 
Jérôme Blanc
OpenPGP : 1024D/F44DB96C