How to make "gpg --card-status" forget an old card

NIIBE Yutaka gniibe at
Wed Mar 16 03:14:37 CET 2016

On 03/16/2016 07:19 AM, Arthur Ulfeldt wrote:
> I got a new Yubikee Neo and loaded my encryption key to it and
> generated new signing and authentication keys. everytime I try to
> decrypt a file using the new key, it asks me to insert the old key.
> (which i don't have here).
> When I run gpg --card-status I see that it still associates the key
> with the old key:
> ~ » gpg --card-status
>                  arthur at a:13:32:50
> Reader ...........: 1050:0111:X:0

You are talking about GnuPG 2.1.x, right?

IIUC, for now, there is no way to remove secret key stub by GnuPG.

We can identify the keygrip by:

    gpg-connect-agent 'KEYINFO --list' /bye

I can see something like:

    S KEYINFO 79709FD2793C6A95E0CEF2D6B347CD68FC35B671 T
D276000124010200FFFE872549450000 OPENPGP.1 - - - - -

Then I can remove the file

No, I don't claim this is the way to remove secret key (stub) for
smartcard.  I am only explaining current situation.

I'll consider for improvement.   At least, I think that

    gpg-connect-agent "DELETE_KEY
79709FD2793C6A95E0CEF2D6B347CD68FC35B671" /bye

should be supported.

More information about the Gnupg-users mailing list