I have my private sub keys on a smart card, and up until recently decrypting was always fine. Then I found out that for signing other people's keys, I need to have the primary private key available. So I put it on a second smart card as described here: http://gnupg.10057.n7.nabble.com/Issues-with-primary-key-amp-subkeys-on-different-smartcards-td32228.html Now decryption still works, but with a small hiccup:
$ gpg -d test.txt.gpg gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AE275A9 … gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.91 gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 8760DB3E … gpg: Alles klar, wir sind der ungenannte Empfänger. gpg: verschlüsselt mit RSA Schlüssel, ID 00000000 It first tries to decrypt using the primary key. And since the card with the primary key is not plugged in, it outputs an error, before it tries the sub key that succeeds. I tried using the -r option to specify the key to use, but it was seemingly ignored. Is there a way to specify which key to try first? The problem I have at the moment ist that some scripts fail probably because the error that is output. For example, it never reaches line 43 of the following script since I have the stub for the primary key: https://github.com/ulrichard/locally_encrypted_remote_storage/blob/master/open_locally_encrypted_remote_storage.sh Rgds Richard PS: out of curiosity: What does the "ID 00000000" mean in the output from gpg : gpg: verschlüsselt mit RSA Schlüssel, ID 00000000
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
