Page MenuHome GnuPG

gnupg 2.1 regression: cannot use OpenPGP card for signing
Closed, InvalidPublic


With gnupg 2.1, I can no longer use my OpenPGP smartcard. gnupg is able to see
the card (--card-status shows it) and --card-edit also works. However, gpg -K no
longer shows the key.

Output with gnugpg 2.0:

$ gpg -K


sec 1024D/31CFFD50 2005-09-04
uid Thomas Bächler <>
uid Thomas Bächler <>
ssb 2048g/648E6F29 2005-09-04

sec 4096R/8E4B1A25 2011-05-04
uid Thomas Bächler <>
ssb 4096R/20016BDB 2011-05-04

sec> 3072R/824B18E8 2011-11-19
Kartenseriennr. = 1234 56789012
uid Thomas Bächler (Arch Linux Master Key) <>
ssb> 1024R/AAE53976 2011-11-19
ssb> 2048R/96A8F3F2 2011-11-19

Output with gnupg 2.1:

$ gpg -K


sec dsa1024/31CFFD50 2005-09-04
uid [ultimate] Thomas Bächler <>
uid [ultimate] Thomas Bächler <>
ssb elg2048/648E6F29 2005-09-04

sec rsa4096/8E4B1A25 2011-05-04
uid [ultimate] Thomas Bächler <>
ssb rsa4096/20016BDB 2011-05-04

As you can see, the third key is no longer listed with gnupg 2.1. When I try to
use the key for signing, gnupg complains that there is no private key.
Downgrading to version 2.0 again resolves the issue.



Event Timeline

brain0 added projects: gnupg, Bug Report.
brain0 added a subscriber: brain0.

In 2.1, secret key handling has been changed.
It's now *not* in secring.gpg but files under private-keys-v1.d.
I think that there were some migration problems for your environment (and GnuPG
2.1.0) and one of your secret key is not converted.

I don't know the reason, but I guess that your key is only available in
secring.gpg and not in pubring.gpg.

About secret key reference (in secring.gpg for 1.4/2.0, under private-keys-v1.d
for 2.1) can be generated by accessing card.
With 2.1.1, --card-status will register key reference. With 2.1.0, you can do:

  $ gpg-connect-agent learn /bye

Once you have public key entry and private key reference to your card, it should
work well.
Could you please try installing your public key with 2.1.0 and making private
key reference?

marcus added a subscriber: marcus.

No feedback for 2 years.