Yubikey keytocard: "Bad secret key"

Peter Lebbing peter at digitalbrains.com
Mon Feb 18 12:09:36 CET 2019

On 18/02/2019 06:51, Farhan Khan via Gnupg-users wrote:
> This was it, loading a 2048-bit key works just fine
> Thanks Andrew!

First of all, I think it's a much better idea to generate a 2048-bit key
anyway, so it worked out okay.

But the problem is interesting. Before --card-edit gained its key-attr
command, GnuPG would do the correct key-attr stuff automatically to
switch to the desired key length. Maybe it has stopped doing that now,
and you need to do:

$ gpg --card-edit
gpg> key-attr

to select the desired key length before keytocard.

At the moment, I don't have a version with key-attr at hand to quickly
test myself.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190218/df3a9e01/attachment.sig>

More information about the Gnupg-users mailing list