OpenPGP card, gpgsm, decrypt

Peter Lebbing peter at digitalbrains.com
Mon Sep 23 20:23:03 CEST 2013


On 23/09/13 11:01, Jörg Deckert wrote:
>    (1) C080E663512A54C29D1D1108308AF44D28A0EBAE OPENPGP.1
>    (2) F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2 OPENPGP.2
>    (3) 719D81D0405AF65B1BEC322725CB23DCECE389C4 OPENPGP.3
> Your selection? 3
> Possible actions for a RSA key:
>    (1) sign, encrypt
>    (2) sign
>    (3) encrypt
> Your selection? 1
> [...]
>     Key-Type: card:OPENPGP.3
>     Key-Length: 1024
>     Key-Usage: sign, encrypt

I think I see what's going wrong here. On my card, OPENPGP.3 refers to the
authentication key. If you are trying to use this to decrypt stuff, the card
will outright refuse. Only the encryption key of the card will decrypt stuff,
and that one should refuse to sign. The other two will only sign stuff.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list