How to make "gpg --card-status" forget an old card

NIIBE Yutaka gniibe at fsij.org
Wed Mar 16 03:14:37 CET 2016


On 03/16/2016 07:19 AM, Arthur Ulfeldt wrote:
> I got a new YubiKey Neo and loaded my encryption key to it and
> generated new signing and authentication keys. Every time I try to
> decrypt a file using the new key, it asks me to insert the old key.
> (which I don't have here).
> 
> When I run gpg --card-status I see that it still associates the key
> with the old key:
> 
> 
> ~ » gpg --card-status
> 
>                  arthur at a:13:32:50
> 
> Reader ...........: 1050:0111:X:0

You are talking about GnuPG 2.1.x, right?

IIUC, for now, there is no way to remove a secret key stub with GnuPG.

We can identify the keygrip by:

    gpg-connect-agent 'KEYINFO --list' /bye

I can see something like:

    S KEYINFO 79709FD2793C6A95E0CEF2D6B347CD68FC35B671 T D276000124010200FFFE872549450000 OPENPGP.1 - - - - -

Then I can remove the file
~/.gnupg/private-keys-v1.d/79709FD2793C6A95E0CEF2D6B347CD68FC35B671.key.


No, I don't claim this is the way to remove a secret key (stub) for
a smartcard.  I am only explaining the current situation.

I'll consider it for improvement.   At least, I think that

    gpg-connect-agent "DELETE_KEY 79709FD2793C6A95E0CEF2D6B347CD68FC35B671" /bye

should be supported.
-- 
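
The following is an added example, not part of the original message or of GnuPG: a shell helper that reads `KEYINFO --list` output and reports which stub files under `private-keys-v1.d` are bound to a card other than the one in use, without deleting anything. The function names `card_stubs` and `sample_keyinfo` are hypothetical, and every sample line except the first (which is the entry quoted in the message) is constructed.

```shell
#!/bin/sh
# Added example (not from the original message): report gpg-agent key stubs
# that point at a smartcard other than the one currently in use.
# KEYINFO fields: S KEYINFO <keygrip> <type> <serialno> <idstr> ...
# Type T means the secret key lives on a token and only a stub is local.

# card_stubs [SERIAL_IN_USE]   (hypothetical helper name)
# Reads 'KEYINFO --list' output on stdin and prints, for each type-T entry
# whose card serial differs from SERIAL_IN_USE: "<serial> <idstr> <stub file>".
card_stubs() {
    keep=${1:-}
    dir=${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d
    while read -r status keyword grip type serial idstr _rest; do
        # Skip "OK" and anything else that is not a KEYINFO status line.
        if [ "$status" != "S" ] || [ "$keyword" != "KEYINFO" ]; then continue; fi
        # D = key material on disk, T = stub for a key held on a card.
        if [ "$type" != "T" ]; then continue; fi
        # A keygrip is 40 hex digits; reject anything else before building a path.
        case $grip in *[!0-9A-Fa-f]*) continue ;; esac
        if [ "${#grip}" -ne 40 ]; then continue; fi
        if [ "$serial" = "$keep" ]; then continue; fi
        printf '%s %s %s\n' "$serial" "$idstr" "$dir/$grip.key"
    done
}

# Constructed sample: line 1 is the entry quoted in the message above; the
# other keygrips and the second serial number are made up for illustration.
sample_keyinfo() {
    cat <<'EOF'
S KEYINFO 79709FD2793C6A95E0CEF2D6B347CD68FC35B671 T D276000124010200FFFE872549450000 OPENPGP.1 - - - - -
S KEYINFO 0123456789ABCDEF0123456789ABCDEF01234567 T D2760001240102010006000000010000 OPENPGP.1 - - - - -
S KEYINFO 89ABCDEF0123456789ABCDEF0123456789ABCDEF D - - - P - - -
S KEYINFO 79709FD2 T D276000124010200FFFE872549450000 OPENPGP.2 - - - - -
OK
EOF
}

# Treat the constructed serial as the card that is plugged in now; the stub
# still bound to the other card is the one gpg keeps asking for.
sample_keyinfo | card_stubs D2760001240102010006000000010000
# Live use: gpg-connect-agent 'KEYINFO --list' /bye | card_stubs <serial of current card>
```

Called without an argument, `card_stubs` lists every card-backed stub the agent knows about, which is a useful inventory to keep before any stub file is moved aside.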


