problem signing with a smart card

Tzafrir Cohen tzafrir at
Thu Jan 21 06:54:19 CET 2016


I have a g10code PGP smart card. Recently I have not been able to sign
using the card.

I generated a test gnupg directory to test stuff on a copy of the data:

I tried using various versions of gpg1 and gpg2 (.0), and all seem to
behave similarly, though I checked gpg (1.4.20) and gpg2 (2.0.28) most

$ gpg2 --home $PWD --list-secret-keys 
sec   4096R/19765111 2013-08-08 [expires: 2023-08-06]
uid                  Tzafrir Cohen <tzafrir at>
uid                  Tzafrir Cohen <tzafrir at>
uid                  Tzafrir Cohen <tzafrir.cohen at>
ssb>  3072R/0325A0CE 2014-09-29
ssb>  3072R/AFFB7FAE 2014-09-29
ssb>  3072R/07DAF838 2014-09-29
ssb   2048R/BBB53C25 2016-01-21

gpg2 --card-status shows keys matching to those three keys.

The last subkey is one I generated for testing.

The following work as expected:

  echo hi | /usr/bin/gpg --home $PWD --default-key '19765111!' --sign -a
  echo hi | /usr/bin/gpg --home $PWD --default-key 'BBB53C25!' --sign -a


  echo hi | /usr/bin/gpg --home $PWD --default-key '0325A0CE!' --sign -a


gpg: no default secret key: unusable secret key
gpg: signing failed: unusable secret key

If I omit the option --default-key or give there 19765111, I get a
signature by BBB53C25 (and before I created it: by the main key).

I did verify I can use the encryption key to decrypt some encrypted
files I had (this works just fine).

What more can I do to check where the problem is?

System is Debian Testing.

Tzafrir Cohen         | tzafrir at | VIM is |                    | a Mutt's
tzafrir at |                    |  best
tzafrir at    |                    | friend

More information about the Gnupg-users mailing list