gpg: KEYTOCARD failed: Unusable secret key
Andrew Gallagher
andrewg at andrewg.com
Tue Jul 26 13:22:08 CEST 2016
On 26/07/16 11:05, Felix E. Klee wrote:
> Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I
> want to install the key to a second card, but that failed:
>
> # gpg --edit-key $KEY
> [...]
> gpg> toggle
> [...]
> gpg> keytocard
> Really move the primary key? (y/N) y
> [...]
> Please select where to store the key:
> (1) Signature key
> (3) Authentication key
> Your selection? 1
>
> gpg: WARNING: such a key has already been stored on the card!
>
> Replace existing key? (y/N) y
> gpg: KEYTOCARD failed: Unusable secret key
>
> Why did it work for the first card but not for the second one?
>
> I assume, although `keytocard` is documented as *moving* the key to the
> card, it actually copies it.

It copies, but if you then save the changes to your local disk, the
original copy on local disk is deleted - so calling it a "move"
operation is correct. If you want to keep a backup copy on local disk,
you need to quit *without saving* immediately after running 'keytocard'.
This behaviour is a well-known gotcha.

What does it say when you run "gpg --list-secret-keys" on your local
machine now?

A
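
Added example, not part of the original message or of GnuPG: a shell helper that reads `gpg --list-secret-keys --with-colons` output and reports, for each key, whether the secret part is still on local disk, is a stub pointing at a card, or is missing, which is the check the reply above asks for. The key IDs and card serial in SAMPLE are constructed, and the meaning of field 15 is taken from GnuPG's doc/DETAILS as an assumption about the installed version.

```shell
#!/bin/sh
# Added example: classify secret keys from `gpg --list-secret-keys --with-colons`.
# Assumption (GnuPG doc/DETAILS): field 15 of sec/ssb records is the card
# serial number for a key stored on a card, "#" for a stub whose secret part
# is missing, and "+" or empty when the secret key material is on local disk.

# Constructed sample: primary key already moved to a card and saved,
# one subkey still on disk, one subkey with no secret material at all.
SAMPLE='sec:u:4096:1:1111111111111111:1469527328:::u:::scESC:::D2760001240102000005000012340000:::
ssb:u:4096:1:2222222222222222:1469527328::::::e:::+:::
ssb:u:4096:1:3333333333333333:1469527328::::::a:::#:::'

# Reads colon-format records on stdin; prints "<type> <keyid> <location>".
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            sn = $15
            if (sn == "#")                  loc = "missing"
            else if (sn == "" || sn == "+") loc = "on-disk"
            else                            loc = "card:" sn
            print $1, $5, loc
        }'
}

# Succeeds only if the key with this long key ID still has its secret
# material on local disk (the copy that is lost once keytocard is saved).
has_disk_copy() {
    classify_secret_keys | grep -q "^[a-z]* $1 on-disk\$"
}

# Stand-alone run: classify the constructed sample.
printf '%s\n' "$SAMPLE" | classify_secret_keys
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons` into `classify_secret_keys` instead of the sample.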