Re: Fails signing key with Yubikey

[Werner Koch via Gnupg-users]

Hi!

> gpg -K --with-colon 20E0635864445A177F8F7C0C6141FD27892AE9B4 
> sec:u:255:22:6141FD27892AE9B4:1700197485:::u:::cESCA:::#::ed25519:::0: 

This is your primary key and it has been taken offline ..^.. marked by
the pound sign.  Only the primary key can be used to sign other keys.

> ssb:u:255:22:D0753D43F3C7A942:1700197520:1731733520:s:::D276000124010304000625017386::ed25519::

This is a signing subkey on a card with s/n *17386.

> ssb:u:255:18:90A11AD910FBE44E:1700197567:1731733567:e:::D276000124010304000625017386::cv25519::

This is an encryption subkey on a card with s/n *17386.

> ssb:u:255:22:3A7E3018D78FC26A:1700197579:1731733579:a:::D276000124010304000625017386::ed25519::

This is a authentication subkey on a card with s/n *17386.

You need to go the the machine where you have stored the private part of
the primary key.  Or get that key using its keygrip (see the "grp" line)
and put it into the ~/.gnupg/private-keys-v1.d/ directory.  But you
probably took the key offline for improved security and thus you better
don't re-import it and indeed use the other box for key signing.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein


openpgp-digital-signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fails signing key with Yubikey

[Ingo Klöcker]

On Donnerstag, 21. März 2024 08:22:48 CET Alexis via Gnupg-users wrote:
>  I'm trying to sign a secondary key with my yubikey, however it fails
> saying the private key is not found. I'm able to sign files with `--sign`,
> but am not able to use `--sign-key`.

Your Yubikey holds three keys:
* a signing key (corresponding to a sign-only subkey of your OpenPGP key)
> ssb:u:255:22:D0753D43F3C7A942:1700197520:1731733520:s:::D27600012401030
> 4000625017386::ed25519::
* an encryption key
> ssb:u:255:18:90A11AD910FBE44E:1700197567:1731733567:e:::D276000124010304
> 000625017386::cv25519::
* an authentication key
> ssb:u:255:22:3A7E3018D78FC26A:1700197579:1731733579:a:::D276000124010304
> 000625017386::ed25519::

None of those keys are suitable for certifying other keys because for this you 
need a certification key. Only the primary key of your OpenPGP key can be used 
for certifying.
> sec:u:255:22:6141FD27892AE9B4:1700197485:::u:::cESCA:::#::ed25519:::0:

Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Fails signing key with Yubikey

[Alexis via Gnupg-users]

Dear GnuPG,

 I'm trying to sign a secondary key with my yubikey, however it fails 
saying the private key is not found. I'm able to sign files with `--sign`, but 
am not able to use `--sign-key`. This issue was posted about by someone else at 
https://dev.gnupg.org/T6411



```

gpg --version 
gpg (GnuPG) 2.4.5 
libgcrypt 1.10.3-unknown 
Copyright (C) 2024 g10 Code GmbH 
License GNU GPL-3.0-or-later  
This is free software: you are free to change and redistribute it. 
There is NO WARRANTY, to the extent permitted by law. 
 
Home: /home/alexis/.gnupg 
Supported algorithms: 
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA 
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, 
    CAMELLIA128, CAMELLIA192, CAMELLIA256 
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```


```

gpg -K --with-colon 20E0635864445A177F8F7C0C6141FD27892AE9B4 
sec:u:255:22:6141FD27892AE9B4:1700197485:::u:::cESCA:::#::ed25519:::0: 
fpr:20E0635864445A177F8F7C0C6141FD27892AE9B4: 
grp:1486B645AD4F1642BEDDA35BE0A03E24176B8736: 
uid:u1700197485::27E90DFEEB5D485431C85BC651668AB9FEC8A169::Alexis 
::0: 
ssb:u:255:22:D0753D43F3C7A942:1700197520:1731733520:s:::D276000124010304000625017386::ed25519::
 
fpr:13511F6F0880AABD07AA1035D0753D43F3C7A942: 
grp:A8919684010395C76A981BB322E13011DEA9E1CC: 
ssb:u:255:18:90A11AD910FBE44E:1700197567:1731733567:e:::D276000124010304000625017386::cv25519::
 
fpr:B5B4442C9A5104824B0F0DA390A11AD910FBE44E: 
grp:583172CF6C0231FD03CDFC174A081F13EA565480: 
ssb:u:255:22:3A7E3018D78FC26A:1700197579:1731733579:a:::D276000124010304000625017386::ed25519::
 
fpr:1B10245AA781FC2BDADB4BB93A7E3018D78FC26A: 
grp:C3F9CAF98B582FC5BD82862F27E008C713F8536F:
```



Thanks,

Alexis___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users