Decryption fails with 4096bit key on SmartCard

Marcus Ilgner marcus.ilgner at
Tue Sep 22 15:26:11 CEST 2015

Thank you for the hint. I updated the gist at to include both the
output of `gpg --card-status` (which works fine) as well as the log for
trying to decrypt with CCID disabled in scdaemon.conf (which unfortunately
yields the same error as before).
I don't know enough about the workings on the chip to make any guess about
possible origins of the error but I would have thought that all data stems
from the secret key? I.e. the key is moved to the card in full and the
blinded/public key as well as the fingerprints are derived from it there?
Also I did not receive any errors before, all other operations seem to work

So, again, thanks for helping to investigate! I hope we can find a solution
to this :)

All the best

On Tue, 22 Sep 2015 at 15:07 NIIBE Yutaka <gniibe at> wrote:

> On 2015-09-22 at 09:30 +0000, Marcus Ilgner wrote:
> > Here you can find the full
> > log:
>
> Thank you for the dump.  There are fingerprints and timestamps
> registered on the card.  But, it failed decryption with "No Record".
> Usually, it means there is no key on the card.
>
> Well, it's inconsistent.  After writing private key onto the card,
> fingerprint and timestamp are registered.
>
> What's the output of 'gpg --card-status'?
>
> By invoking 'gpg --card-status', scdaemon tries to access public key
> on card.  If it fails, I think that there were some troubles when you
> wrote decryption key onto card (but it proceeded without notifying the
> error, thus, having fingerprint and timestamps for decryption key,
> perhaps).
>
> I think that it's worth a try to run scdaemon with disable-ccid flag.
> Please include a line:
>
> =============== .gnupg/scdaemon.conf
> disable-ccid
> ===============
>
> It disables internal CCID driver and uses PC/SC.  If it works, there
> is some bug in internal CCID driver.
> --

More information about the Gnupg-users mailing list