gpg: KEYTOCARD failed: Unusable secret key
andrewg at andrewg.com
Tue Jul 26 13:22:08 CEST 2016
On 26/07/16 11:05, Felix E. Klee wrote:
> Successfully moved a key to an [OpenPGP-Card]. Now, as backup, I
> want to install the key to a second card, but that failed:
> # gpg --edit-key $KEY
> gpg> toggle
> ggp> keytocard
> Really move the primary key? (y/N) y
> Please select where to store the key:
> (1) Signature key
> (3) Authentication key
> Your selection? 1
> gpg: WARNING: such a key has already been stored on the card!
> Replace existing key? (y/N) y
> gpg: KEYTOCARD failed: Unusable secret key
> Why did it work for the first card but not for the second one?
> I assume, although `keytocard` is documented as *moving* the key to the
> card, it actually copies it.
It copies, but if you then save the changes to your local disk, the
original copy on local disk is deleted - so calling it a "move"
operation is correct. If you want to keep a backup copy on local disk,
you need to quit *without saving* immediately after running 'keytocard'.
This behaviour is a well-known gotcha.
What does it say when you run "gpg --list-secret-keys" on your local
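The check the reply asks for can be scripted. This is an added example, not part of the original thread: it reads `gpg --list-secret-keys --with-colons` output and reports, per key, whether the secret part is still on local disk or is only a stub pointing at a card. It assumes the field-15 layout described in GnuPG's doc/DETAILS; the function names, key IDs and card serial in the sample are constructed.

```shell
#!/bin/sh
# Added example: classify secret keys from `gpg --list-secret-keys --with-colons`.
# Assumption (GnuPG doc/DETAILS): field 15 of sec/ssb records holds the token
# serial number when the key lives on a card, "#" for a stub with no secret
# material, and "+" (or nothing in older versions) when the secret key is on
# local disk.

classify_secret_keys() {
    # Reads a colon-format listing on stdin; prints "<type> <keyid> <state>".
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            sn = $15
            if (sn == "" || sn == "+") state = "on-disk"
            else if (sn == "#")        state = "missing"
            else                       state = "on-card:" sn
            print $1, $5, state
        }'
}

# Constructed sample listing: primary key already moved to a card,
# encryption subkey still on disk.
sample_listing() {
    cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1469500000:::u:::scESC:::D2760001240102000000000000010000:::23::0:
uid:u::::1469500000::0000000000000000000000000000000000000000::Constructed User <user@example.invalid>::::::::::0:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1469500000::::::e:::+:::23:
EOF
}

# Returns 0 only if every secret key in the listing on stdin is still on disk,
# i.e. there is key material left that could be written to another card.
all_keys_on_disk() {
    ! classify_secret_keys | grep -v ' on-disk$' >/dev/null
}

# Against a real keyring:
#   gpg --list-secret-keys --with-colons "$KEY" | classify_secret_keys
sample_listing | classify_secret_keys
```

A key reported as `on-card:` has no secret material left on disk, so a second card can only be loaded from a backup taken before the `keytocard` changes were saved.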