Using Yubikey only to encrypt/sign

Farhan Khan farhan at
Mon Feb 18 21:35:30 CET 2019

February 18, 2019 2:35 AM, "Andrew Gallagher" <andrewg at> wrote:

>> On 18 Feb 2019, at 05:19, Farhan Khan via Gnupg-users <gnupg-users at> wrote:
>> How does one utilize *just* the yubikey (or OpenPGP smartcard in general) to
>> encrypt, sign, or decrypt? This might be in a scenario where I only have the
>> keys on my card but not on disk such as while traveling. I can confirm that
>> 'gpg --card-status' lists the keys as present.
>> I am simulating this scenario by moving ~/.gnupg to another directory, but
>> running 'gpg --list-keys' does not list the key as present.
> You need to download the public key of the secret keys you are about to use, and then run
> `gpg --card-status` again. After that it Should Just Work.
> A

Hey Andrew,
I was given the message "gpg: decryption failed: No secret key". I ran this:

mv .gnupg .gnupg.bak
gpg --card-status
cat encrypted_message | gpg --decrypt

This gave me the warning message:
gpg: encrypted with 2048-bit RSA key, ID BF0F750DB428FFFF, created 2019-02-18
      "Farhan Khan <farhan at>"
gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key

When I run gpg --list-secret-keys, I see the serial number listed for my card.
I suspect this is a gpg-agent issue?


Farhan Khan
PGP Fingerprint: 7BEF 02AB 89AF 9581 194D 57F1 BF0F 750D B428 FFFF
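
The sequence from Andrew's reply (import the public key, then run `gpg --card-status`), followed by a check that gpg now maps the key to the card, as an added example that is not part of the original thread. The function names, the public key file argument and the sample listing are assumptions; the card serial in the sample is a constructed placeholder.

```shell
#!/bin/sh
# Added example: import the public key, let --card-status create the
# secret-key stubs, then confirm the key is listed as card-backed.

# Print "KEYID SERIAL" for each secret (sub)key that lives on a card.
# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Field 5 = key ID; field 15 = token serial number, "#" for a stub with
# no secret material, "+" for a secret key stored on disk.
card_backed_keys() {
    awk -F: '($1 == "sec" || $1 == "ssb") &&
             $15 != "" && $15 != "#" && $15 != "+" { print $5, $15 }'
}

# Succeeds only if long key ID $1 is card-backed in the current keyring.
key_is_on_card() {
    gpg --batch --list-secret-keys --with-colons 2>/dev/null |
        card_backed_keys | grep -q "^$1 "
}

# Full procedure against a fresh, empty keyring.
# $1 = public key file exported earlier (assumed, e.g. pubkey.asc)
# $2 = long key ID expected on the card
use_card_with_fresh_keyring() {
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    gpg --batch --import "$1" || return 1      # step 1: public key
    gpg --card-status >/dev/null || return 1   # step 2: creates the stubs
    key_is_on_card "$2"
}

# Constructed sample listing: one card-backed primary key, one subkey
# stored on disk ("+"), one stub without secret material ("#").
SAMPLE='sec:u:2048:1:BF0F750DB428FFFF:1550448000:::u:::scESC:::D2760001240102010006000000010000::::0:
ssb:u:2048:1:1111111111111111:1550448000::::::e:::+::::
ssb:u:2048:1:2222222222222222:1550448000::::::a:::#::::'
```

With a card inserted, `use_card_with_fresh_keyring pubkey.asc BF0F750DB428FFFF` returns 0 only when the stub for that key ID points at a card.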
