signing failed with master key when I have stronger subkeys

Dongsheng Song dongsheng.song at gmail.com
Fri Aug 14 14:45:44 CEST 2015


On Fri, Aug 14, 2015 at 6:34 PM, Werner Koch <wk at gnupg.org> wrote:
> On Fri, 14 Aug 2015 10:15, dongsheng.song at gmail.com said:
>
>>     sec   rsa2048/46D397FF 2008-02-02
>>     ssb   rsa2048/7547A8A9 2008-02-02
>>     ssb#  brainpoolP512r1/DD1C5659 2015-06-24
>>     ssb#  brainpoolP512r1/24BEAC25 2015-06-24
>>     ssb#  rsa4096/F7BC1BF1 2015-06-24
>>
>> Then I can not signing anymore even when I use --default-key or
>> --local-user to specify 46D397FF or 7547A8A9:
>>
>>     gpg: signing failed: No secret key
>
> gpg uses the lates signing capable subkey.  However you removed the
> secret part of that key (one of the brainpool keeys I assume) and thus
> gpg can't do that.  The '#' indicates that the secret part is somewhere
> available.
>
> What about using
>
>   -u 7547A8A9\!
>
> (note the exclamation mark) to force the use of that subkey?
>

No good news.

D:\>gpg  -u "7547A8A9\!" --clearsign relay.txt
gpg: skipped "7547A8A9\!": No secret key
gpg: relay.txt: clearsign failed: No secret key

D:\>gpg  -u "7547A8A9!" --clearsign relay.txt
gpg: skipped "7547A8A9!": Unusable secret key
gpg: relay.txt: clearsign failed: Unusable secret key

D:\>gpg -K
----------------------------------------------------
sec   rsa2048/46D397FF 2008-02-02
ssb   rsa2048/7547A8A9 2008-02-02
ssb#  brainpoolP512r1/DD1C5659 2015-06-24
ssb#  brainpoolP512r1/24BEAC25 2015-06-24
ssb#  rsa4096/F7BC1BF1 2015-06-24



More information about the Gnupg-users mailing list