I'm using gpg on Fedora 34:
$ gpg --version gpg (GnuPG) 2.2.27 libgcrypt 1.9.3-unknown
I created my key locally, but have since moved the signing and encryption subkeys to a yubikey.
I could earlier sign others' keys using this setup, but this has been failing for me recently with this error message:
gpg: signing failed: No secret key
Signing messages with gpg2 --clearsign works well.
Appended below is some output from commands and logs.
sec# rsa4096/0x1E9A3B5F854083B6 2011-10-05 [SC]
Key fingerprint = 48CA 3722 5FE7 F4A8 B337 2735 1E9A 3B5F 8540 83B6
uid [ unknown] Amit Shah <amit@amitshah.net>
uid [ unknown] Amit Shah <amit@kernel.org>
uid [ unknown] Amit Shah <amitshah@gmx.net>
ssb# rsa4096/0x5CDEF05333DE9424 2011-10-05 [E]
ssb> rsa4096/0x54C877E13EF1D38F 2016-04-01 [A]
ssb> rsa4096/0xEB0B4DFC657EF670 2016-04-01 [S]From a failed run to sign a key:
2021-09-13 20:37:55 gpg-agent[8215] listening on socket '/run/user/1000/gnupg/S.gpg-agent' 2021-09-13 20:37:55 gpg-agent[8215] listening on socket '/run/user/1000/gnupg/S.gpg-agent.extra' 2021-09-13 20:37:55 gpg-agent[8215] listening on socket '/run/user/1000/gnupg/S.gpg-agent.browser' 2021-09-13 20:37:55 gpg-agent[8215] listening on socket '/run/user/1000/gnupg/S.gpg-agent.ssh' 2021-09-13 20:37:55 gpg-agent[8216] gpg-agent (GnuPG) 2.2.27 started 2021-09-13 20:37:59 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:03 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:07 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:11 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:15 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:19 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:23 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK Pleased to meet you, process 8254 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- RESET 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION ttyname=/dev/pts/2 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION ttytype=xterm-256color 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION display=:1 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION xauthority=/run/user/1000/gdm/Xauthority 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION putenv=XMODIFIERS=@im=none 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION putenv=QT_IM_MODULE=xim 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION lc-ctype=en_US.UTF-8 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION lc-messages=en_US.UTF-8 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- GETINFO version 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> D 2.2.27 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION allow-pinentry-notify 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- OPTION agent-awareness=2.1.0 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- KEYINFO CBA7C81541B0AFE48A0EB7AE5B50170588ABFDF4 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> ERR 67108891 Not found <GPG Agent> 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- KEYINFO 04206DA8AA4C4ADDFE7531C1F9D5B99F75F9E5AD 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> ERR 67108891 Not found <GPG Agent> 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- KEYINFO 6D4FA23B21B5A614C1D07D7669B9A59F3CCB6261 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> ERR 67108891 Not found <GPG Agent> 021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- SCD SERIALNO 2021-09-13 20:38:24 gpg-agent[8216] no running SCdaemon - starting it 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK GNU Privacy Guard's Smartcard server ready 2021-09-13 20:38:24 gpg-agent[8216] DBG: first connection to SCdaemon established 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 -> GETINFO socket_name 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- D /run/user/1000/gnupg/S.scdaemon 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: additional connections at '/run/user/1000/gnupg/S.scdaemon' 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 -> OPTION event-signal=12 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 -> SERIALNO 2021-09-13 20:38:24 gpg-agent[8216] SIGUSR2 received - updating card event counter 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- S SERIALNO D2760001240102010006040316860000 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> S SERIALNO D2760001240102010006040316860000 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- SCD SERIALNO 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 -> SERIALNO 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- S SERIALNO D2760001240102010006040316860000 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> S SERIALNO D2760001240102010006040316860000 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- SCD GETATTR KEY-FPR 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 -> GETATTR KEY-FPR 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- S KEY-FPR 1 CC63D332AB8F461745296534EB0B4DFC657EF670 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> S KEY-FPR 1 CC63D332AB8F461745296534EB0B4DFC657EF670 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- S KEY-FPR 3 CB8DB7CA595108AD5476DCAC54C877E13EF1D38F 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> S KEY-FPR 3 CB8DB7CA595108AD5476DCAC54C877E13EF1D38F 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 <- KEYINFO CBA7C81541B0AFE48A0EB7AE5B50170588ABFDF4 2021-09-13 20:38:24 gpg-agent[8216] DBG: chan_10 -> ERR 67108891 Not found <GPG Agent> 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- RESET 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- SIGKEY 68E7EFC751BF3A305A967226EF8441FFB205AC30 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Shah+<amit@amitshah.net>%22%0A4096-bit+RSA+key,+ID+0x1E9A3B5F854083B6,%0Acreated+2011-10-05.%0A 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- SETHASH 8 9DBA5F901664C8A241F8FF795258153EAC4EF40091B516B9B92875E14164D1EB 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- PKSIGN 2021-09-13 20:38:26 gpg-agent[8216] command 'PKSIGN' failed: No secret key 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 -> ERR 67108881 No secret key <GPG Agent> 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_10 <- [eof] 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_11 -> RESTART 2021-09-13 20:38:26 gpg-agent[8216] DBG: chan_11 <- OK
Here are logs of a run where the gpg2 --clearsign command succeeds, and actually picks up the right key from the yubikey:
... 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 -> SERIALNO 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 <- S SERIALNO D2760001240102010006040316860000 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> S SERIALNO D2760001240102010006040316860000 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 <- SCD GETATTR KEY-FPR 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 -> GETATTR KEY-FPR 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 <- S KEY-FPR 1 CC63D332AB8F461745296534EB0B4DFC657EF670 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> S KEY-FPR 1 CC63D332AB8F461745296534EB0B4DFC657EF670 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 <- S KEY-FPR 3 CB8DB7CA595108AD5476DCAC54C877E13EF1D38F 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> S KEY-FPR 3 CB8DB7CA595108AD5476DCAC54C877E13EF1D38F 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 <- KEYINFO E969E5C44EEC900CB898C84AE92B6723AC869E38 2021-09-13 20:39:04 gpg-agent[8216] DBG: agent_get_cache 'E969E5C44EEC900CB898C84AE92B6723AC869E38'.0 (mode 2) ... 2021-09-13 20:39:04 gpg-agent[8216] DBG: ... miss 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> S KEYINFO E969E5C44EEC900CB898C84AE92B6723AC869E38 T D2760001240102010006040316860000 OPENPGP.1 - - - - - 2021-09-13 20:39:04 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- RESET 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- SIGKEY E969E5C44EEC900CB898C84AE92B6723AC869E38 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Amit+Shah+<amit@amitshah.net>%22%0A4096-bit+RSA+key,+ID+0xEB0B4DFC657EF670,%0Acreated+2016-04-01+(main+key+ID+0x1E9A3B5F854083B6).%0A 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- SETHASH 8 43989060734A02C509A8E58110275A755A556361B5F5DC583F1D40B3562809AD 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 -> OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- PKSIGN 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 -> SERIALNO --demand=D2760001240102010006040316860000 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 <- S SERIALNO D2760001240102010006040316860000 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:39:06 gpg-agent[8216] detected card with S/N D2760001240102010006040316860000 2021-09-13 20:39:06 gpg-agent[8216] DBG: encoded hash: 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 43 98 90 60 73 4A 02 C5 09 A8 E5 81 10 27 5A 75 5A 55 63 61 B5 F5 DC 58 3F 1D 40 B3 56 28 09 AD 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 -> SETDATA 3031300D06096086480165030402010500042043989060734A02C509A8E58110275A755A556361B5F5DC583F1D40B3562809AD 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 -> PKSIGN --hash=sha256 E969E5C44EEC900CB898C84AE92B6723AC869E38 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_11 <- [ 49 4e 51 55 49 52 45 20 4e 45 45 44 50 49 4e 20 ...(82 byte(s) skipped) ] 2021-09-13 20:39:06 gpg-agent[8216] starting a new PIN Entry 2021-09-13 20:39:06 gpg-agent[8216] DBG: connection to PIN entry established 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 -> INQUIRE PINENTRY_LAUNCHED 8290 gnome3 1.1.1 /dev/pts/0 xterm-256color :1 20620/1000/5 1000/1000 0 2021-09-13 20:39:06 gpg-agent[8216] DBG: chan_10 <- END 2021-09-13 20:39:07 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:39:09 gpg-agent[8216] DBG: chan_11 -> [ 44 20 31 39 38 34 31 39 00 00 00 00 00 00 00 00 ...(76 byte(s) skipped) ] 2021-09-13 20:39:09 gpg-agent[8216] DBG: chan_11 -> END 2021-09-13 20:39:11 gpg-agent[8216] DBG: agent_cache_housekeeping 2021-09-13 20:39:11 gpg-agent[8216] DBG: chan_11 <- [ 44 20 5a ca 42 72 a1 c5 58 2a b9 3e 9b 80 90 17 ...(506 byte(s) skipped) ] 2021-09-13 20:39:11 gpg-agent[8216] DBG: chan_11 <- OK 2021-09-13 20:39:11 gpg-agent[8216] DBG: PKCS#1 block type 1 encoded data:+01ffffff .... ... ... 2021-09-13 20:39:11 gpg-agent[8216] DBG: rsa_verify => Good
It's possible this is a config error, but since this setup worked previously, I'm supposing it's a regression in my configuration.
Thanks!