OpenPGP card, gpgsm, decrypt
Jörg Deckert
joergd at bitquell.de
Tue Sep 24 08:03:42 CEST 2013
> I think I see what's going wrong here. On my card, OPENPGP.3 refers to the
> authentication key. If you are trying to use this to decrypt stuff, the card
> will outright refuse. Only the encryption key of the card will decrypt
> stuff, and that one should refuse to sign. The other two will only sign
> stuff.
Right. But if I use OPENPGP.2 to create the CSR, I get:
Really create request? (y/N) y
Now creating certificate request. This may take a while ...
gpgsm: about to sign CSR for key: &F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2
gpgsm: signing failed: Invalid ID
gpgsm: error creating certificate request: Invalid ID <SCD>
This is because the encryption key cannot sign the CSR.
--
Jörg Deckert
More information about the Gnupg-users
mailing list