On 02/08/18 11:07, Felix E. Klee wrote:> It seems like the card reader cannot decrypt the session key. *Is that correct?* The fact this "enterprise solution" decided to encrypt it to your primary, non-encryption-capable, key, is a big red flag that this "solution" is not compatible to "modern-day" OpenPGP. So I think it's a safe bet they also screwed up the PKESK packet for your subkey, and the error is indeed related to it not representing a valid session key.
HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users