Re: OpenPGP 2.0 and Hushmail keys

Thu, 10 Sep 2009 10:38:41 -0700 

This is the error I get when I try to decrypt Hushmail emails in
Thunderbird with the OpenPGP card:

Error - secret key needed to decrypt message

gpg command line and output:
C:\Program Files\GNU\GnuPG\gpg.exe
gpg: detected reader `AKS ifdh 0'
gpg: detected reader `AKS ifdh 1'
gpg: detected reader `AKS VR 0'
gpg: detected reader `Aladdin Token JC 0'
gpg: detected reader `SCM Microsystems Inc. SCR3340 ExpressCard Reader 0'
gpg: fingerprint on card does not match requested one (huh, whats this
mean?)
gpg: encrypted with 2048-bit RSA key, ID xxxxxxxx, created 2006-07-11
      ""xxxxxxx...@hush.com" <xxxxxx...@hush.com>"
gpg: encrypted with 2048-bit RSA-E key, ID xxxxxxxx, created 2009-05-27
      ""xxxxx...@hushmail.com" <xxxxxxxx...@hushmail.com>"
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available

This happens after copying my Hushmail keys to the OpenPGP card...


David Shaw wrote:
> On Sep 10, 2009, at 3:36 AM, Sean Wilson wrote:
>
>> Does anyone know if the new OpenPGP 2.0 card supports Hushmail keys?
>>> From what I understand Hushmail is based on OpenPGP so it should work.
>> The key I have from my Hushmail account is 2048bit in length but once I
>> copy the key onto the OpenPGP 2.0 card I can't decrypt Hushmail email
>> anymore, any idea why?
>
> It should work fine.  It sounds like a different sort of problem.
>
>> Also, if I generate a brand new key pair ON the OpenPGP 2.0 card, will
>> anyone be able to export or copy the private key (if the OpenPGP card is
>> NOT inserted in the reader)? Does GPG write a copy of the keys anywhere
>> else besides on the card?
>
> No, but there is a stub secret key that lives in the usual secret
> keyring.  This isn't a true secret key (it does not contain the actual
> key data), but is the OpenPGP information (user IDs and other things),
> along with a pointer that says "the key is on smartcard XYZ".
>
> So if they can get ahold of your computer, someone could steal this
> stub, but there is nothing secret about it, and it won't do them any
> good.
>
> David
>
>
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to