> I think I see what's going wrong here. On my card, OPENPGP.3 refers to the > authentication key. If you are trying to use this to decrypt stuff, the card > will outright refuse. Only the encryption key of the card will decrypt > stuff, and that one should refuse to sign. The other two will only sign > stuff.
Right. But if I use OPENPGP.2 to create the CSR, I get: Really create request? (y/N) y Now creating certificate request. This may take a while ... gpgsm: about to sign CSR for key: &F106A6B05C3E509BC3BC5C25D02E7D1DE94060F2 gpgsm: signing failed: Invalid ID gpgsm: error creating certificate request: Invalid ID <SCD> This is because the encryption key cannot sign the CSR. -- Jörg Deckert _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
