OpenPGP 2.0 and Hushmail keys

Sean Wilson mcse83 at hotmail.com
Thu Sep 10 19:36:38 CEST 2009


This is the error I get when I try to decrypt Hushmail emails in
Thunderbird with the OpenPGP card:

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one (huh, whats this
mean?)
gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created 2006-07-11
      ""xxxxxxxxxx at hush.com" <xxxxxxxxx at hush.com>"
gpg: encrypted with 2048-bit RSA-E key, ID xxxxxxxx, created 2009-05-27
      ""xxxxxxxx at hushmail.com" <xxxxxxxxxxx at hushmail.com>"
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available

This happens after copying my Hushmail keys to the OpenPGP card...


David Shaw wrote:
> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
>
>> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>>> From what I understand Hushmail is based on OpenPGP so it should work.
>> The key I have from my Hushmail account is 2048bit in length but once I
>> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
>> anymore, any idea why?
>
> It should work fine.  It sounds like a different sort of problem.
>
>> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
>> anyone be able to export or copy the private key (if the OpenPGP card is
>> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere
>> else besides on the card?
>
> No, but there is a stub secret key that lives in the usual secret
> keyring.  This isn't a true secret key (it does not contain the actual
> key data), but is the OpenPGP information (user IDs and other things),
> along with a pointer that says "the key is on smartcard XYZ".
>
> So if they can get ahold of your computer, someone could steal this
> stub, but there is nothing secret about it, and it won't do them any
> good.
>
> David
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5590 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20090910/09126477/attachment-0001.bin>


More information about the Gnupg-users mailing list