gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable
Closed, Resolved (Public)

Description

This particular problem makes it very hard to have a master key and subkeys in
two different smartcards.

The problem has been very well explained here:
http://lists.gnupg.org/pipermail/gnupg-users/2013-September/047412.html

And I was able to use the work-around with gpgsplit.

But just to sum up the problem: when you have a card A with the master key and a
card B with subkeys, and when you want to use it on a computer where you did not
create the key, gpg will create the proper stubs for the keys available on the
first card that you use, but once you want to use the key on the other card, it
will just fail with something like this:
gpg: secret key parts are not available
gpg: skipped "KEYID": Unusable secret key
gpg: [stdin]: clearsign failed: Unusable secret key

And with gpg -K you will see something like this:
sec> 4096R/F2AC729A créé : 2009-05-07 expire : jamais
     nº de carte : 0005 00001F2D
ssb# 2048R/71F23DEE créé : 2009-05-07 expire : jamais
ssb# 2048R/EBC29AB9 créé : 2009-05-07 expire : 2015-11-20
ssb# 2048R/169CA386 créé : 2013-11-20 expire : 2015-11-20

Here I inserted the card of the master key first.

So in the end, what I want to say is that "gpg2 --card-status" (or "gpg2
--card-edit" followed by "fetch") should always upgrade available private keys
from "unusable private key" into a proper key usable with the current smartcard...
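
An added example, not part of the original report and not GnuPG code: a small Python check that parses the `gpg -K` listing layout quoted above (`>` marks a smartcard stub, `#` marks a secret part that is not usable) and reports which keys are still marked `#` after swapping cards and running `gpg2 --card-status`. The function names and the second listing are constructed for illustration; only the 2.0.x human-readable layout shown in the report is assumed.

```python
import re

# Human-readable `gpg -K` line in the 2.0.x layout quoted in the report, e.g.
#   sec>  4096R/F2AC729A ...   '>' : stub, secret key lives on a smartcard
#   ssb#  2048R/71F23DEE ...   '#' : secret part not usable on this machine
KEY_LINE = re.compile(r"^(sec|ssb)([#>]?)\s+(\d+)([A-Za-z])/([0-9A-Fa-f]{8,16})\b")
STATE = {">": "card-stub", "#": "unavailable", "": "on-disk"}


def parse_secret_listing(text):
    """Return {keyid: state} for every sec/ssb line; other lines are ignored."""
    keys = {}
    for line in text.splitlines():
        m = KEY_LINE.match(line.strip())
        if m:
            keys[m.group(5).upper()] = STATE[m.group(2)]
    return keys


def still_unavailable(before, after):
    """Key IDs marked '#' before the card swap that are still '#' after it."""
    b, a = parse_secret_listing(before), parse_secret_listing(after)
    return sorted(k for k, s in b.items()
                  if s == "unavailable" and a.get(k) == "unavailable")


# Listing from the report (card A with the master key inserted first).
REPORTED = """\
sec> 4096R/F2AC729A créé : 2009-05-07 expire : jamais
nº de carte : 0005 00001F2D
ssb# 2048R/71F23DEE créé : 2009-05-07 expire : jamais
ssb# 2048R/EBC29AB9 créé : 2009-05-07 expire : 2015-11-20
ssb# 2048R/169CA386 créé : 2013-11-20 expire : 2015-11-20
"""

# Constructed sample: the same listing once stubs for card B have been created.
CONSTRUCTED_FIXED = REPORTED.replace("ssb#", "ssb>")

if __name__ == "__main__":
    # Affected behaviour: the listing is unchanged after inserting card B.
    print("still unusable:", still_unavailable(REPORTED, REPORTED))
    print("after stub creation:", still_unavailable(REPORTED, CONSTRUCTED_FIXED))
```
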

Details

Version
2.0.28
rhertzog added a subscriber: rhertzog.

BTW I had this problem on Debian unstable with version 2.0.28-3:
$ gpg2 --version
gpg (GnuPG) 2.0.28
libgcrypt 1.6.3
[...]

rhertzog renamed this task from [smartcard] gpg2 --card-status won't create proper stubs for subkeys which are known but non-usable to [smartcard] gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable. Aug 25 2015, 12:01 PM
werner renamed this task from [smartcard] gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable to gpg2 --card-status won't create proper stubs for (sub)keys which are known but non-usable.
werner set Version to 2.0.28.
gniibe claimed this task. Sep 4 2015, 6:16 AM

I think that the problem is fixed in 2.0.29.
And the display improvement (msg6937) is backported; it will be in 2.0.30.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=fea9d4354c93b662c75febe020fb799ce4f2ec89

Debian Unstable is now at 2.1.8-1. I guess this version should have the fix as
well? If yes, I can retry.

Yes, I believe 2.1.8 should work well. The private key management is moved to
gpg-agent, and gpg-agent automatically creates stubs.

Confirmed that this issue is fixed with 2.1.8. I was able to delete the secret
key (stubs) and they were properly recreated.

werner closed this task as Resolved. Jan 15 2016, 1:29 PM
werner removed a project: Testing.