
Cannot use revoked subkeys for decryption using a smartcard
Closed, Resolved, Public

Description

Enrico Zini wrote on the Debian BTS:

I have a subkey on a smart card. Since I have been without a card
reader for quite a long time, I revoked the card subkeys. Now I have a
reader again, and I want to decode some old data. However, if I try,
gpg will tell me "decryption failed: secret key not available", even if
gpg --card-status can see the keys on the card.

I tried with an old secring backup from before the revocation, and it
works. I tried exporting the backup secring and importing it in my
backup, but to no avail:

$ gpg --homedir ~/.gnupg/backup --decrypt testfile -> works
$ gpg --homedir ~/.gnupg/backup/ --export-secret-key | gpg --import
$ gpg --decrypt testfile -> decryption failed: secret key not available

It looks like since that key has been revoked in my new secring, gpg
doesn't want to use it. This, at least for decryption, seems to be
wrong: I want to keep that subkey revoked, but I still want to be able
to use it for decrypting old data.

Event Timeline

werner set External Link to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514623. Feb 10 2009, 5:12 PM
werner set Version to 1.4.9.
werner added projects: gnupg, Bug Report, Debian.
werner added a project: scd.
werner added a subscriber: werner.

I can't replicate it with a card initialized the standard way and revoking the
encryption key. Will test later with only the subkey on the card. This is
using gpg2 or gpg-1.4.9 along with scdaemon.

werner claimed this task.
werner added a project: Too Old.
gatuno added a subscriber: gatuno.

Hi!

Is this bug solved? And if yes, in what version is it resolved?

It was set to resolved in 2011 because I was not able to replicate it. Are you
now able to replicate the problem?

No, I can't reproduce the problem. I just came to check the status of the bug.
Thanks for the info, werner.