Decryption fails with 4096bit key on SmartCard

Marcus Ilgner marcus.ilgner at
Tue Sep 22 08:51:17 CEST 2015

Hello all,

I've been using GnuPG for some time now and recently became the proud owner
of a NitroKey hardware dongle which includes a SmartCard for key storage.
This was straightforward to set up and I created separate subkeys (4096
bit) for encryption, signing and authentication and moved them to the card.
And while encrypting and signing works fine, I just received a mail that
has been encrypted for the new key and found that I cannot decrypt it.
My GnuPG version is gpg (GnuPG) 2.1.8, libgcrypt 1.6.4 (i.e. current
versions in Arch Linux) and the output is:

gpg: public key decryption failed: Missing item in object
gpg: decryption failed: No secret key

I found a very old discussion here which seems to
discuss the same problem but as it's already a couple of years old I assume
that it has been solved in the meantime. Otherwise I find it very odd that
GPG would let me even move the key to the card without saying something
like "If you do that, you won't be able to decrypt messages...".

If there's anything I can do, including debugging and other
development-related things, let me know, I really want to get this to work

All the best
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150922/acff36d0/attachment.html>

More information about the Gnupg-users mailing list