Fails signing key with Yubikey

Werner Koch wk at
Thu Mar 21 13:32:30 CET 2024


> gpg -K --with-colon 20E0635864445A177F8F7C0C6141FD27892AE9B4 
> sec:u:255:22:6141FD27892AE9B4:1700197485:::u:::cESCA:::#::ed25519:::0: 

This is your primary key and it has been taken offline ..^.. marked by
the pound sign.  Only the primary key can be used to sign other keys.

> ssb:u:255:22:D0753D43F3C7A942:1700197520:1731733520:::::s:::D2760001240103040006250173860000::ed25519::

This is a signing subkey on a card with s/n *17386.

> ssb:u:255:18:90A11AD910FBE44E:1700197567:1731733567:::::e:::D2760001240103040006250173860000::cv25519::

This is an encryption subkey on a card with s/n *17386.

> ssb:u:255:22:3A7E3018D78FC26A:1700197579:1731733579:::::a:::D2760001240103040006250173860000::ed25519::

This is a authentication subkey on a card with s/n *17386.

You need to go the the machine where you have stored the private part of
the primary key.  Or get that key using its keygrip (see the "grp" line)
and put it into the ~/.gnupg/private-keys-v1.d/ directory.  But you
probably took the key offline for improved security and thus you better
don't re-import it and indeed use the other box for key signing.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list