OpenPGP 2.0 and Hushmail keys

Sean Wilson mcse83 at
Thu Sep 10 19:36:38 CEST 2009

This is the error I get when I try to decrypt Hushmail emails in
Thunderbird with the OpenPGP card:

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one (huh, whats this
gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created 2006-07-11
      ""xxxxxxxxxx at" <xxxxxxxxx at>"
gpg: encrypted with 2048-bit RSA-E key, ID xxxxxxxx, created 2009-05-27
      ""xxxxxxxx at" <xxxxxxxxxxx at>"
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available

This happens after copying my Hushmail keys to the OpenPGP card...

David Shaw wrote:
> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
>> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>>> From what I understand Hushmail is based on OpenPGP so it should work.
>> The key I have from my Hushmail account is 2048bit in length but once I
>> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
>> anymore, any idea why?
> It should work fine.  It sounds like a different sort of problem.
>> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
>> anyone be able to export or copy the private key (if the OpenPGP card is
>> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere
>> else besides on the card?
> No, but there is a stub secret key that lives in the usual secret
> keyring.  This isn't a true secret key (it does not contain the actual
> key data), but is the OpenPGP information (user IDs and other things),
> along with a pointer that says "the key is on smartcard XYZ".
> So if they can get ahold of your computer, someone could steal this
> stub, but there is nothing secret about it, and it won't do them any
> good.
> David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5590 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20090910/09126477/attachment-0001.bin>

More information about the Gnupg-users mailing list