gpg: KEYTOCARD failed: Unusable secret key

Andrew Gallagher andrewg at
Tue Jul 26 13:22:08 CEST 2016

On 26/07/16 11:05, Felix E. Klee wrote:
> Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I
> want to install the key to a second card, but that failed:
>     # gpg --edit-key $KEY
>     [...]
>     gpg> toggle
>     [...]
>     ggp> keytocard
>     Really move the primary key? (y/N) y
>     [...]
>     Please select where to store the key:
>        (1) Signature key
>        (3) Authentication key
>     Your selection? 1
>     gpg: WARNING: such a key has already been stored on the card!
>     Replace existing key? (y/N) y
>     gpg: KEYTOCARD failed: Unusable secret key
> Why did it work for the first card but not for the second one?
> I assume, although `keytocard` is documented as *moving* the key to the
> card, it actually copies it.

It copies, but if you then save the changes to your local disk, the
original copy on local disk is deleted - so calling it a "move"
operation is correct. If you want to keep a backup copy on local disk,
you need to quit *without saving* immediately after running 'keytocard'.
This behaviour is a well-known gotcha.

What does it say when you run "gpg --list-secret-keys" on your local
machine now?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160726/34dd6dfe/attachment-0001.sig>

More information about the Gnupg-users mailing list