Smartcards - using them over multiple computers and deleting their 'private keys'
Duplicity Mailing List
duplicitymailinglist at mail.ru
Mon Dec 1 22:02:17 CET 2014
On 01/12/14 18:27, Duplicity Mailing List wrote:
> I bought a GPG smartcard, but, I'm having issues using it. I first
> tested it out on my desktop and messed around with it a little
> generating a few keys, now I've populated my keyring with a bunch of
> keys I have no idea how to delete, any help?
>
>> $ gpg2 --delete-secret-key ${KEYID}
>>
>> sec rsa2048/${KEYID} ${DATE} ${NAME} (${COMMENT}) <${EMAIL}>
>>
>> Delete this key from the keyring? (y/N) y
>> This is a secret key! - really delete? (y/N) y
>> gpg: deleting secret key failed: Not possible with a card based key
>> gpg: deleting secret subkey failed: Not possible with a card based key
>> gpg: deleting secret subkey failed: Not possible with a card based key
>> gpg: ${KEYID}: delete key failed: Not possible with a card based key
>
>
> _________________
>
>
> The second issue is when I was happy with how the GPG key worked, I went
> over to an offline computer, I launched up a live CD, I generated the key,
> imported it to the card, backed up the private key and transferred the
> public key to a webserver that allowed raw viewing. I then went into my
> card (`gpg2 --card-edit`) and allocated it the url (`admin` `url`
> `https://path.to/raw/public.key`). On my desktop I can now do:-
>
>> $ gpg2 --card-edit
>> ${CARD_STATUS}
>> gpg/card> fetch
>> gpg: requesting key ${KEYID} from https server ${DOMAIN}
>> gpg: key ${KEYID}: public key "${NAME} (${COMMENT}) <${EMAIL}>" imported
>> gpg: Total number processed: 1
>> gpg: imported: 1
>
> But if I then go to decrypt a file encrypted for that public key, it
> doesn't attempt to use the smartcard, it just errors out:-
>
>> $ gpg2 -d b.gpg
>> gpg: encrypted with 2048-bit RSA key, ID ${ENCID}, created 2014-12-01
>> "${NAME} (${COMMENT}) <${EMAIL}>"
>> gpg: decryption failed: No secret key
>
> How do I get gpg to link the public key and my smartcard together? It
> works fine if the GPG key was generated and imported _on the current
> computer_, but, I can't get it to link with the card otherwise (And
> running `gpg2 --card-status` doesn't help).
>
> Thanks in advance.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
Sorry, both issues were solved by downgrading from 2.1.0 to 2.0.26 (both
Arch Linux repo packages). After looking at the bug tracker, it seems a
very similar (although not identical) issue has been reported, so I'm
going to wait for that to be resolved before I start opening issues of
my own.
See:- https://bugs.g10code.com/gnupg/issue1759
Thanks, sorry for not reading the bugtracker first.