Separate OpenPGP cards for master key and sub-keys

Wed Jun 5 19:37:09 CEST 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Le 05/06/2013 14:50, Peter Lebbing a écrit :
> On 05/06/13 12:55, Mustrum wrote:
>> The keytocard command displays the 3 slots, but none of them are
>> listed as a valid choice. I've to choose from an empty list.
> 
> Ah. I hadn't noticed that. I believe the problem is that the "Key
> attributes" (displayed on --card-edit) force a specific keylength
> and keytocard only works for that keylength. I think I remember the
> solution was to create a key on card of the desired length, and
> then overwrite that one with keytocard.
> 
> Peter.
> 

I moved a 4096/rsa signature key to the card, with succes, and tried
to overwrite it with my real primary key

gpg> keytocard
Really move the primary key? (y/N) y
Signature key ....: A41C 227F C1EB BA5C 3CFE  776D C011 169C 983F E396
Encryption key....: [none]
Authentication key: [none]

Please select where to store the key:
Your selection? 1
Invalid selection.
Your selection? 2
Invalid selection.
Your selection? 3
Invalid selection.
Your selection? 0
Invalid selection.
Your selection? 4
Invalid selection.
Your selection? 42
Invalid selection.
Your selection?

Same issue, no valid selection avalaible.

I'm quite sur the root cause is the "certification only" capacity of
my key:

usage: C  <-primary

usage: S  <-subkey
usage: E  <-subkey

All keys with the S or E flags are fine.
All my real and test keys with only the C flag can't be move to my card.

Regards.