Hey there! There's been a bit of an interesting development which I think explains the issues I've been having; I'm just not sure if there's a way to recover this. I found out that gpg has a way to run the --full-gen-key option using an existing key from card.

    $ gpg --expert --full-gen-key
    <snip>
    Your selection? 14 (Existing key from card)
    Available keys:
       (1) 4DCD2F5D0F303B60FAFDB469BA33F314281B2D1B OPENPGP.1 ed25519 (cert,sign*)
       (2) 993197BDCB9A09A16C4918DED4310EEF4B6582E2 OPENPGP.2 cv25519 (encr*)
       (3) EB59A450FF4E1B233C523B860E458EF6D043DFE8 OPENPGP.3 ed25519 (sign,auth*)

So far, so good. However, if I then continue with option 1, I get a key with key ID 6AA6FC5597E89BDC19ADD6AFCF2FEC503A89BCFF, and this allows me to add more UIDs as I deem fit.

Now... that's weird. My key so far had key ID 408FB2EBC3DF3DBBE0143D9A29AD46D6F58287A3.

I delete the keys from my keyring again (leaving the yubikey intact), and run the same for option 3. Now I do get key ID 408FB2EBC3DF3DBBE0143D9A29AD46D6F58287A3. But I can't create UIDs. However, GPG grants this the capabilities SCA.... Where did that C come from? Probably because that's now the primary key?

My best bet is that when I originally made this key, I uploaded the keys into the wrong slots on the yubikey, which I believe have a fixed capability-set?

Either way, it feels like at this point... I'm screwed. Unless there's a way to rectify this?

Thank you all for your time so far.

Yours,
Rens Rikkerink

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users