Decryption fails with Crypto Stick + GnuPG 2.0.18

Einar Ryeng einarr at
Sun Feb 5 14:20:14 CET 2012


I'm having trouble with GnuPG 2.0.18 and Crypto Stick on Debian
unstable. My key is a 4096-bit RSA key where only subkeys reside on
the Crypto Stick, while the private main key is kept offline.

With this setup I get the following symptoms:
 - gpg2 --card-status works as expected
 - Signing works fine with gpg2
 - SSH integration works fine
 - Decryption FAILS with gpg2
 - However, gpg 1.4 decrypts fine, provided I first kill scdaemon.

The output from gpg2 is not overly helpful:
einarr at barium:~/gpgtest$ LANG=en gpg2 passwd.gpg 
gpg: can't connect to the agent - trying fall back
gpg: encrypted with 4096-bit RSA key, ID 9A6EE054, created 2011-12-14
      "Einar Ryeng <einarr at>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

(btw, this is not related to the agent not running)

I suspect this might be a bug somewhere either in gpg2 or scdaemon.
Using the debug option on gpg2 did not give me anything useful. How
should I proceed to debug this? I'd guess that the line "decryption
failed: No secret key" means that gpg2 has asked scdaemon for that key
and got back a negative response. 

Can anyone confirm that they get this combination to work:
GnuPG 2.0.18, Crypto Stick (or for that matter any OpenPGP
smart card implementation) and 4096-bit keys?

Einar Ryeng

