Setting up two identical Yubikeys - specific error

Dima Stopel dima at
Thu May 10 20:43:07 CEST 2018

Hi all

My goal is to set up two Yubikeys (YK1 and YK2) with the same GPG keys (one to use daily and one for backup). Following this ( tutorial I created a signing key and two subkeys, one for encryption and one for authorization.

Keys were moved to YKs successfully and I backed up everything including stubs for both YKs.

Stubs were exported using: gpg --armor --output stubs.asc --export-secret-keys <longid>

Then I did the following:

1. Import public key and stubs(YK1) on another computer: gpg --import public.asc stubs1.asc
2. Encrypt a message with the public key: gpg -e -r <longid> file.txt
3. Decrypt the message with: gpg -d file.txt.gpg
4. Being asked to insert YK1 and insert PIN
5. Decryption went successfully

Then I wanted to test YK2 and I used the same file.txt.gpg, as I used before (didn't encrypt a new one). So I did the following:

1. Delete private stubs: gpg --delete-secret-keys <longid>
2. Import stubs (YK2): gpg --import stubs2.asc
3. Decrypt the message with: gpg -d file.txt.gpg
4. Being asked to insert *YK2* and insert PIN
5. While I insert PIN I see the error below (I am sure the PIN is correct):

$ gpg -d text.txt.gpg

Please enter the PIN
gpg: verify CHV2 failed: invalid passphrase
gpg: encrypted with 2048-bit RSA key, ID 701E4F69, created 2018-05-10
      "Dima Stopel <dima at>"
gpg: public key decryption failed: invalid passphrase
gpg: decryption failed: secret key not available

What am I doing wrong?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gnupg-users mailing list