Use multi-usage key in authentication slot on HW-key for encryption

Felix Mayr felix.mayr at tum.de
Sat Apr 16 09:10:58 CEST 2022


So, I decided to use a Yubikey to store my GPG-subkeys. Using the 
smartcard functionality I can store 3 different subkeys and so thought 
that I could actually store some multi-usage key 
(authentication/encryption) there so I can have per-key-encryption for 
private-data (notably passwords with pass). However, while I can use the 
main encryption key in "slot 2" just fine, I can't decrypt with the 
"multi"-purpose key stored in the yubikey anymore (yes, I'm using 
--try-all-secrets).

Is this a limitation of the smartcard standard or just an opinionated 
choice in GPG or am I doing something wrong? If it's not possible with 
the smartcard: can I use the PIV-mode of the yubikey for that purpose?


Regards,

Felix


