OpenPGP card, gpgsm, decrypt

Jörg Deckert joergd at
Tue Sep 24 08:03:42 CEST 2013

> I think I see what's going wrong here. On my card, OPENPGP.3 refers to the
> authentication key. If you are trying to use this to decrypt stuff, the card
> will outright refuse. Only the encryption key of the card will decrypt
> stuff, and that one should refuse to sign. The other two will only sign
> stuff.

Right. But if I use OPENPGP.2 to create the CSR, I get:

Really create request? (y/N) y
Now creating certificate request.  This may take a while ...
gpgsm: about to sign CSR for key: &F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2
gpgsm: signing failed: Invalid ID
gpgsm: error creating certificate request: Invalid ID <SCD>

This is because the encryption key cannot sign the CSR.

Jörg Deckert

More information about the Gnupg-users mailing list