Page MenuHome GnuPG
Create Task
Maniphest T1000

Cannot use revoked subkeys for decription using a smartcard
Closed, ResolvedPublic
Actions

Description

Enrico Zini wrote on the Debian BTS:

I have a subkey on a smart card. Since I have been without a card
reader for quite a long time, I revoked the card subkeys. Now I have a
reader again, and I want to decode some old data. However, if I try,
gpg will tell me "decryption failed: secret key not available", even if
gpg --card-status can see the keys on the card.

I tried with an old secring backup from before the revocation, and it
works. I tried exporting the backup secring and importing it in my
backup, but to no avail:

$ gpg --homedir ~/.gnupg/backup --decrypt testfile -> works
$ gpg --homedir ~/.gnupg/backup/ --export-secret-key | gpg --import
$ gpg --decrypt testfile -> decryption failed: secret key not available

It looks like since that key has been revoked in my new secring, gpg
doesn't want to use it. This, at least for decryption, seems to be
wrong: I want to keep that subkey revoked, but I still want to be able
to use it for decrypting old data.

Details

External Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514623
Version
1.4.9

Event Timeline

werner set External Link to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514623.Feb 10 2009, 5:12 PM
werner set Version to 1.4.9.
werner added projects: gnupg, Bug Report, Debian.
werner added a project: scd.
werner added a subscriber: werner.
werner added a comment.Mar 2 2009, 2:18 PM

I can't replicate it with a card initialized the standard way and revoking the
encryption key. Will test later with only the subkey on the card. This is
using gpg2 or gpg-1.4.9 along with scdaemon.

werner closed this task as Resolved.Jul 1 2011, 12:10 PM
werner claimed this task.
werner added a project: Too Old.
gatuno reopened this task as Open.Jul 20 2012, 12:35 AM
gatuno added a subscriber: gatuno.

Hi!

Is this bug solved? And if yes, in what version is resolved?

werner added a comment.Jul 20 2012, 9:37 AM

It was set to resolved in 2011 because I was not able to replicate it. Are you
now able to replicate the problem?

gatuno added a comment.Jul 20 2012, 11:46 PM

No, I can't reproduce the problem. I just came to check the status of the bug.
Thanks for the info werner.

gatuno closed this task as Resolved.Jul 20 2012, 11:46 PM