Smartcards - using them over multiple computers and deleting their 'private keys'

Duplicity Mailing List duplicitymailinglist at mail.ru
Mon Dec 1 19:27:35 CET 2014


I bought a GPG smartcard, but I'm having issues using it. I first
tested it out on my desktop and messed around with it a little,
generating a few keys; now I've populated my keyring with a bunch of
keys I have no idea how to delete. Any help?

>$ gpg2 --delete-secret-key ${KEYID}
>
>sec  rsa2048/${KEYID} ${DATE} ${NAME} (${COMMENT}) <${EMAIL}>
>
>Delete this key from the keyring? (y/N) y
>This is a secret key! - really delete? (y/N) y
>gpg: deleting secret key failed: Not possible with a card based key
>gpg: deleting secret subkey failed: Not possible with a card based key
>gpg: deleting secret subkey failed: Not possible with a card based key
>gpg: ${KEYID}: delete key failed: Not possible with a card based key


_________________


The second issue: once I was happy with how the GPG key worked, I went
over to an offline computer, launched a live CD, generated the key,
imported it to the card, backed up the private key and transferred the
public key to a webserver that allowed raw viewing. I then went into my
card (`gpg2 --card-edit`) and allocated it the URL (`admin`, `url`,
`https://path.to/raw/public.key`). On my desktop I can now do:-

>$ gpg2 --card-edit
>${CARD_STATUS}
>gpg/card> fetch
>gpg: requesting key ${KEYID} from https server ${DOMAIN}
>gpg: key ${KEYID}: public key "${NAME} (${COMMENT}) <${EMAIL}>" imported
>gpg: Total number processed: 1
>gpg:               imported: 1

But if I then go to decrypt a file encrypted for that public key, it
doesn't attempt to use the smartcard, it just errors out:-

>$ gpg2 -d b.gpg
>gpg: encrypted with 2048-bit RSA key, ID ${ENCID}, created 2014-12-01
>      "${NAME} (${COMMENT}) <${EMAIL}>"
>gpg: decryption failed: No secret key

How do I get gpg to link the public key and my smartcard together? It
works fine if the GPG key was generated and imported _on the current
computer_, but I can't get it to link with the card otherwise (and
running `gpg2 --card-status` doesn't help).

Thanks in advance.
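The "No secret key" error above is what gpg2 reports when the keyring holds no secret-key record (or card stub) for the key the file was encrypted to. As an added diagnostic that is not part of the original post, the script below parses the machine-readable listing from `gpg2 --list-secret-keys --with-colons` and reports whether gpg2 considers a given key ID card-backed (field 15 of a sec/ssb record carries the card serial number), held locally (`+` in that field, GnuPG 2.1+), a stub with no secret available (empty field), or absent. The listing embedded in the script is constructed; key IDs and the serial number are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): classify where gpg2 thinks the
# secret material for a key ID lives, by parsing the output of
# `gpg2 --list-secret-keys --with-colons`. In sec/ssb records field 15 holds
# the card serial number for a card-backed key, "+" when the secret key is
# held locally (GnuPG 2.1+), and is empty when only a stub without any
# usable secret key is known.

# Constructed sample listing (not captured from a real system). Key IDs and
# the card serial number are placeholders.
SAMPLE_LISTING='sec:u:2048:1:1111111111111111:1417437600:::u:::scESC:::D2760001240102000005000012340000::23::0:
fpr:::::::::0000000000000000000000001111111111111111:
uid:u::::1417437600::0::Example User (comment) <user@example.org>::::::::::0:
ssb:u:2048:1:2222222222222222:1417437600::::::e:::D2760001240102000005000012340000::23:
ssb:u:2048:1:3333333333333333:1417437600::::::s:::+::23:
ssb:u:2048:1:4444444444444444:1417437600::::::a:::::23:
'

# key_location KEYID LISTING
# Prints one of: "card:<serial>", "local", "stub", "missing".
# KEYID may be the 16-hex long ID or its 8-hex short form (matched as a suffix).
key_location() {
    printf '%s\n' "$2" | awk -F: -v id="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        ($1 == "sec" || $1 == "ssb") &&
        substr($5, length($5) - length(id) + 1) == id {
            if ($15 == "+")      print "local"
            else if ($15 == "")  print "stub"
            else                 print "card:" $15
            found = 1
            exit
        }
        END { if (!found) print "missing" }'
}

# Run against the real keyring when a key ID is given on the command line
# (assumes gpg2 is installed); with no argument only the functions are defined.
if [ -n "${1:-}" ] && command -v gpg2 >/dev/null 2>&1; then
    key_location "$1" "$(gpg2 --list-secret-keys --with-colons 2>/dev/null)"
fi
```

A "missing" or "stub" result for the encryption subkey ID shown in the `-d` error is consistent with the failure above, whereas a "card:" result whose serial differs from the inserted card points at a different card having been used.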


