On 4/20/17 5:00 AM, Andrew Stubbs via Gnupg-users wrote:
> even if the encryption key is the same.

Oh, this brings up a related issue, actually! GnuPG doesn't cope very well if you put the same subkey on *multiple* smartcards - it remembers the first smartcard it saw that contained the subkey and always asks for that smartcard to be reinserted, even if you've later done gpg --card-status with another smartcard that contains the same key.

You can get it to forget the first card by deleting the subkey's ~/.gnupg/private-keys-v1.d/$KEYGRIP.key file, but that's terribly fiddly and potentially dangerous. (Before figuring out that those files are named by keygrip, I was just deleting ~/.gnupg/private-keys-v1.d entirely, which would've been extremely bad once I'd gotten actual private keys into my keyring!)

I would assume this issue occurs with all kinds of subkeys, although it only particularly hurts for encryption subkeys - since unlike the other key usages, it only really makes sense to have one "live" encryption subkey and so it's the most likely subkey to be shared across several cards.

To remedy this, GnuPG should either track multiple smartcards for each key - and do something like "please insert any of the following smartcards: <list of serial numbers>" - or simply overwrite the card-no when you insert a second smartcard containing the same key. The latter probably involves fewer changes.
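
The cleanup described in the message above, as an added example that is not part of the original post and not GnuPG's own tooling: it moves a keygrip's file aside only after confirming it is a smartcard stub (it contains the token shadowed-private-key), so real private keys in private-keys-v1.d are never touched. The function names and the stub-backup directory are assumptions.

```shell
#!/bin/sh
# Added example (not GnuPG tooling): set aside a smartcard stub by keygrip,
# refusing any file that is not a stub. Names and backup dir are assumptions.

# is_card_stub FILE: succeed only if FILE is a card stub, not on-disk key material.
is_card_stub() {
    [ -f "$1" ] || return 1
    # Stubs hold the S-expression token "shadowed-private-key"; keys stored
    # on disk use "private-key" or "protected-private-key" instead.
    LC_ALL=C grep -q 'shadowed-private-key' "$1"
}

# list_card_stubs [GNUPGHOME]: print the keygrip of every stub file.
list_card_stubs() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}/private-keys-v1.d
    for f in "$dir"/*.key; do
        is_card_stub "$f" && basename "$f" .key
    done
    return 0
}

# forget_card_stub KEYGRIP [GNUPGHOME]: move the stub to a backup directory.
# Returns 2 = malformed keygrip, 3 = no such file, 4 = not a stub (left alone).
forget_card_stub() {
    grip=$1
    home=${2:-${GNUPGHOME:-$HOME/.gnupg}}
    # A keygrip is 40 hex digits; anything else (e.g. "../x") is rejected.
    case $grip in
        ''|*[!0-9A-Fa-f]*) return 2 ;;
    esac
    [ "${#grip}" -eq 40 ] || return 2

    file=$home/private-keys-v1.d/$grip.key
    [ -f "$file" ] || return 3
    is_card_stub "$file" || return 4

    backup=$home/stub-backup
    mkdir -p "$backup" && chmod 700 "$backup" || return 1
    mv -- "$file" "$backup/$grip.key.$(date +%Y%m%d%H%M%S)"
}
```

Keygrips can be looked up with gpg --list-secret-keys --with-keygrip; after the stub is moved, running gpg --card-status with the wanted card inserted recreates it for that card.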