Separate OpenPGP cards for master key and sub-keys

Peter Lebbing peter at digitalbrains.com
Wed Jun 5 11:23:34 CEST 2013


On 03/06/13 14:41, Branko Majic wrote:
> Does anyone utilise this kind of schema?

I do this as well. The primary key is on a different card than the subkeys.

Unlike Pete, I had to resort to some key splitting and recombination tricks to
get GnuPG to recognise the situation. Perhaps this has since improved and is no
longer needed.

The thing is that when I stuck one smartcard in the computer and ran
--card-status, it would create a stub private key which only referred to the
card I had inserted. So far, this is obvious and correct. However, once I gave
it the other smartcard, I could not get GnuPG to update the private key stub to
refer to that smartcard as well.

Generating two stubs, one for each smartcard, 'gpgsplit'ting the secret key
stubs and recombining them to have stubs for both smartcards in one key, fixed
the situation for me.

If this happens to you as well, I can give detailed instructions.

Good luck,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


