Using the primary key was what I tried first. But when I saw the error message "signing failed", I thought I'd have to force the proper signing subkey, like I have to do for signing emails.
My setup is more or less the following:
http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups
with the addition of a sub key for ssh authentication:
http://www.programmierecke.net/howto/gpg-ssh.html -> section "with smartcard (openpgp)"

Rgds
Richard

$ gpg --edit-key 0AE275A9
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05  usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/8760DB3E  created: 2012-08-07  expires: never       usage: E
sub  2048R/E8401492  created: 2012-08-07  expires: never       usage: S
sub  2048R/5A097EF6  created: 2012-08-07  expires: never       usage: S
sub  2048R/EC980139  created: 2012-08-07  expires: 2022-08-05  usage: E
[ultimate] (1). Richard Ulrich (ulrichard) <richi...@gmail.com>

gpg> adduid
Real name: Richard Ulrich
Email address: ri...@paraeasy.ch
Comment: ulrichard
You selected this USER-ID:
    "Richard Ulrich (ulrichard) <ri...@paraeasy.ch>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: secret key parts are not available
gpg: signing failed: general error

$ gpg --list-keys
/home/richi/.gnupg/pubring.gpg
------------------------------
pub   2048R/0AE275A9 2012-08-07 [expires: 2022-08-05]
uid                  Richard Ulrich (ulrichard) <richi...@gmail.com>
sub   2048R/8760DB3E 2012-08-07
sub   2048R/E8401492 2012-08-07
sub   2048R/5A097EF6 2012-08-07
sub   2048R/EC980139 2012-08-07 [expires: 2022-08-05]

$ gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Private DO 3 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 6
Signature key ....: 6555 FA9F AEEF 386C 50E2 7AE1 02EC 6014 E840 1492
      created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF DCCE 31AA D811 8760 DB3E
      created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9 C010 BABF AE12 5A09 7EF6
      created ....: 2012-08-07 19:04:12
General key info..: pub 2048R/E8401492 2012-08-07 Richard Ulrich (ulrichard) <richi...@gmail.com>
sec#  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05
ssb>  2048R/8760DB3E  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F
ssb>  2048R/E8401492  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F
ssb>  2048R/5A097EF6  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F

On Mi, 2012-08-29 at 14:11 +0200, Peter Lebbing wrote:
> On 29/08/12 13:53, Richi Lists wrote:
> > I can't get it to work whether I try it on the primary or the sub key and
> > whether I use gpg or gpg2.
> > [...]
> >
> > $ gpg2 -v --edit-key E8401492!
> > [...]
> >
> > gpg: using subkey E8401492 instead of primary key 0AE275A9
> > Secret key is available.
>
> Why are you forcing using the subkey? An UID is /always/ on the primary key, it
> makes no sense to make an UID on the subkey. I think.
>
> Simply losing the exclamation mark should fix it, or just specify
>
> $ gpg2 --edit-key 0AE275A9
>
> Also, apart from UIDs on subkeys making no sense, it would seem to me that an
> UID needs to be bound with a Certification-capable signing key, whereas your
> signing subkey E8401492 can only make signatures on data. That's probably why
> GnuPG says:
>
> > gpg: signing failed: Unusable secret key
>
> Although it could also be that the secret part for that subkey is simply not
> available? I'm not sure whether the "secret key is available" message I quoted
> above pertains to the primary key or the secret subkey you forced on the command
> line.
>
> If you still have problems after this explanation, please provide more data
> about your setup. You have two encryption subkeys, two data signature subkeys,
> and GnuPG complains that there are secret parts missing. It will be a lot easier
> to help you if you can explain what pieces of data are where :).
>
> Peter.
>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
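
A check for the situation in this thread, as an added example that is not part of the original messages: it reads the usage flags and the sec#/ssb> markers from listings like the ones pasted above and reports whether the primary key can make the self-signature that adduid needs. The sample text is constructed from the listings in the message, and the function names are hypothetical.

```python
import re

# Constructed sample, copied from the listings in the message above.
EDIT_KEY = """\
pub 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05 usage: SC
sub 2048R/8760DB3E created: 2012-08-07 expires: never usage: E
sub 2048R/E8401492 created: 2012-08-07 expires: never usage: S
sub 2048R/5A097EF6 created: 2012-08-07 expires: never usage: S
sub 2048R/EC980139 created: 2012-08-07 expires: 2022-08-05 usage: E
"""
SECRET = """\
sec# 2048R/0AE275A9 created: 2012-08-07 expires: 2022-08-05
ssb> 2048R/8760DB3E created: 2012-08-07 expires: never
ssb> 2048R/E8401492 created: 2012-08-07 expires: never
ssb> 2048R/5A097EF6 created: 2012-08-07 expires: never
"""

USAGE_RE = re.compile(r"^(pub|sub)\s+\d+\w/([0-9A-F]{8})\b.*?usage:\s*([SCEA]+)", re.M)
SECRET_RE = re.compile(r"^(sec|ssb)([#>]?)\s+\d+\w/([0-9A-F]{8})\b", re.M)
# '#' = secret part not present (stub only), '>' = secret part lives on a smartcard
STATE = {"#": "stub", ">": "card", "": "local"}

def key_usage(listing):
    """Map key ID -> (record type, set of usage flags) from an --edit-key listing."""
    return {kid: (rec, set(flags)) for rec, kid, flags in USAGE_RE.findall(listing)}

def secret_state(listing):
    """Map key ID -> 'stub' | 'card' | 'local' from sec/ssb lines."""
    return {kid: STATE[mark] for _, mark, kid in SECRET_RE.findall(listing)}

def can_add_uid(edit_listing, secret_listing):
    """A new UID needs a self-signature by the certification-capable primary key."""
    usage, secret = key_usage(edit_listing), secret_state(secret_listing)
    primary = next(kid for kid, (rec, _) in usage.items() if rec == "pub")
    if "C" not in usage[primary][1]:
        return False, f"primary {primary} lacks the C (certify) capability"
    state = secret.get(primary, "absent")
    if state in ("stub", "absent"):
        return False, f"secret part of primary {primary} is not available ({state})"
    return True, f"primary {primary} can certify (secret key: {state})"

if __name__ == "__main__":
    print(can_add_uid(EDIT_KEY, SECRET))
```
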