Gnupg 2.1.7 can't decrypt using smartcard key.

perillamint perillamint at gentoo.moe
Sun Sep 13 18:30:42 CEST 2015


Yes. I generated a single key with Signing Certification Encryption
Authorization ability.

If it is not supported by GnuPG, Re-generating key with Signing
Certification Encryption key (It's GnuPG default. I think..) and adding
subkey with Authorization (for SSH auth) can be a solution?

Thanks.

On 13/09/15 10:27, NIIBE Yutaka wrote:
> On 09/12/2015 09:03 PM, perillamint wrote:
>> Signature key ....: 09CD 5C9E 15E4 F7CA 123A  8A25 5840 050B 37AA 8068
>>       created ....: 2015-09-10 18:40:00
>> Encryption key....: 09CD 5C9E 15E4 F7CA 123A  8A25 5840 050B 37AA 8068
>>       created ....: 2015-09-10 18:40:00
>> Authentication key: 09CD 5C9E 15E4 F7CA 123A  8A25 5840 050B 37AA 8068
>>       created ....: 2015-09-10 18:40:00
>> General key info..: pub  rsa4096/37AA8068 2015-09-10 perillamint
>> <perillamint at gentoo.moe>
>> sec>  rsa4096/37AA8068  created: 2015-09-10  expires: 2017-09-09
>>                         card-no: F517 76EB5FFA
> 
> I think that there must be something broken.  It shows that all of
> keys on your card are same (37AA8068).
> 
> As I showed in the previous mail, each key should have different
> fingerprint.
> 
> In another command of the following, I can check:
> 
> ===========================
> $ gpg-connect-agent "KEYINFO --list" /bye
> S KEYINFO 5D6C89682D07CCFC034AF508420BF2276D8018ED T D276000124010200F517000000010000 OPENPGP.3 - - - - -
> S KEYINFO 101DE7B639FE29F4636BDEECF442A9273AFA6565 T D276000124010200F517000000010000 OPENPGP.1 - - - - -
> S KEYINFO 65F67E742101C7FE6D5B33FCEFCF4F65EAF0688C T D276000124010200F517000000010000 OPENPGP.2 - - - - -
> OK
> $
> ===========================
> 
> It shows that I have three different keys on a card.
> 
> Could you check it?
> 
> Or, did you intentionally register a single key to multiple slots?  I
> think that this kind of use case is not supported by GnuPG.  It
> assumes that each key on card is different.  In that case, I'd
> understand the reason why it returns an error of "Invalid ID".
> 
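
An added example, not part of the original message or of GnuPG: a Python check over `gpg-connect-agent "KEYINFO --list" /bye` output that reports card slots with no key listed and slots that share one keygrip, which is the condition the reply suspects. The function names and the `SHARED` sample are constructed for illustration; the thread does not show what the agent printed for the affected card.

```python
from collections import defaultdict

# OpenPGP card slots: .1 signature, .2 decryption, .3 authentication
EXPECTED_SLOTS = ("OPENPGP.1", "OPENPGP.2", "OPENPGP.3")

# KEYINFO output quoted in the reply above: three distinct keys on one card.
DISTINCT = """\
S KEYINFO 5D6C89682D07CCFC034AF508420BF2276D8018ED T D276000124010200F517000000010000 OPENPGP.3 - - - - -
S KEYINFO 101DE7B639FE29F4636BDEECF442A9273AFA6565 T D276000124010200F517000000010000 OPENPGP.1 - - - - -
S KEYINFO 65F67E742101C7FE6D5B33FCEFCF4F65EAF0688C T D276000124010200F517000000010000 OPENPGP.2 - - - - -
OK
"""

# Constructed sample (hypothetical, not from the thread): one keygrip in every slot.
GRIP = "0123456789ABCDEF0123456789ABCDEF01234567"
SERIAL = "D2760001240102000000000000010000"
SHARED = "".join(f"S KEYINFO {GRIP} T {SERIAL} {s} - - - - -\n"
                 for s in EXPECTED_SLOTS) + "OK\n"

def parse_keyinfo(text):
    """Return {card serial: {slot id: keygrip}} from KEYINFO status lines."""
    cards = defaultdict(dict)
    for line in text.splitlines():
        f = line.split()
        # Fields: S KEYINFO <keygrip> <type> <serialno> <idstr> ...
        # Type T marks a key held on a token; other key types are skipped.
        if len(f) >= 6 and f[:2] == ["S", "KEYINFO"] and f[3] == "T":
            cards[f[4]][f[5]] = f[2].upper()
    return dict(cards)

def check_card(slots):
    """List the problems for one card: missing slots and shared keygrips."""
    problems = [f"{s}: no key listed" for s in EXPECTED_SLOTS if s not in slots]
    by_grip = defaultdict(list)
    for slot, grip in slots.items():
        by_grip[grip].append(slot)
    for grip, shared in by_grip.items():
        if len(shared) > 1:
            problems.append(f"{', '.join(sorted(shared))} share keygrip {grip}")
    return problems

def audit(text):
    """Map each card serial in the output to its list of problems."""
    return {serial: check_card(s) for serial, s in parse_keyinfo(text).items()}

if __name__ == "__main__":
    for name, sample in (("distinct", DISTINCT), ("shared", SHARED)):
        print(name, audit(sample))
```
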


