Decryption fails with Crypto Stick + GnuPG 2.0.18
einarr at pvv.org
Sun Feb 5 14:20:14 CET 2012

I'm having trouble with GnuPG 2.0.18 and Crypto Stick on Debian
unstable. My key is a 4096 bit RSA key where only subkeys reside on
the Crypto Stick, while the private main key is kept offline.

With this setup I get the following symptoms:

- gpg2 --card-status works as expected
- Signing works fine with gpg2
- SSH integration works fine
- Decryption FAILS with gpg2
- However, gpg 1.4 decrypts fine, provided I first kill scdaemon.

The output from gpg2 is not overly helpful:

einarr at barium:~/gpgtest$ LANG=en gpg2 passwd.gpg
gpg: can't connect to the agent - trying fall back
gpg: encrypted with 4096-bit RSA key, ID 9A6EE054, created 2011-12-14
"Einar Ryeng <einarr at pvv.org>"
gpg: public key decryption failed: General error
gpg: decryption failed: No secret key

(btw, this is not related to the agent not running)

I suspect this might be a bug somewhere either in gpg2 or scdaemon.
Using the debug option on gpg2 did not give me anything useful. How
should I proceed to debug this? I'd guess that the line "decryption
failed: No secret key" means that gpg2 has asked scdaemon for that key
and got back a negative response.

Can anyone confirm that they get this combination to work:
GnuPG 2.0.18, Crypto Stick (or for that matter any OpenPGP
smart card implementation) and 4096 bit keys?