Separate OpenPGP cards for master key and sub-keys

Peter Lebbing peter at
Wed Jun 5 20:20:25 CEST 2013

On 05/06/13 19:37, Mustrum wrote:
> I'm quite sur the root cause is the "certification only" capacity of my
> key:

I'm quite sure I never had data signature capability on my primary key. And I
moved it to an OpenPGP v2 card, so it worked for me. I did use a 2048-bit key,
but I don't see why that should make a difference.

You could try to temporarily add data signature capability to your primary
key, and see if it accepts it then. Then remove it afterwards. But I can't
come up with something better right now, sorry.

Good luck,


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list