Using the primary key was what I tried first. But when I saw the error
message "signing failed", I thought I'd have to force the proper signing
subkey, like I have to do for signing emails.

My setup is more or less the following:
with the addition of a sub key for ssh authentication: -> section "with
smartcard (openpgp)"


$ gpg --edit-key 0AE275A9
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05  usage:
                     trust: ultimate      validity: ultimate
sub  2048R/8760DB3E  created: 2012-08-07  expires: never       usage:
sub  2048R/E8401492  created: 2012-08-07  expires: never       usage:
sub  2048R/5A097EF6  created: 2012-08-07  expires: never       usage:
sub  2048R/EC980139  created: 2012-08-07  expires: 2022-08-05  usage:
[ultimate] (1). Richard Ulrich (ulrichard) <>

gpg> adduid
Real name: Richard Ulrich
Email address:
Comment: ulrichard
You selected this USER-ID:
    "Richard Ulrich (ulrichard) <>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: secret key parts are not available
gpg: signing failed: general error

$ gpg --list-keys
pub   2048R/0AE275A9 2012-08-07 [expires: 2022-08-05]
uid                  Richard Ulrich (ulrichard) <>
sub   2048R/8760DB3E 2012-08-07
sub   2048R/E8401492 2012-08-07
sub   2048R/5A097EF6 2012-08-07
sub   2048R/EC980139 2012-08-07 [expires: 2022-08-05]

$ gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Private DO 3 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 6
Signature key ....: 6555 FA9F AEEF 386C 50E2  7AE1 02EC 6014 E840 1492
      created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF  DCCE 31AA D811 8760 DB3E
      created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9  C010 BABF AE12 5A09 7EF6
      created ....: 2012-08-07 19:04:12
General key info..: pub  2048R/E8401492 2012-08-07 Richard Ulrich (ulrichard) <>
sec#  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05
ssb>  2048R/8760DB3E  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F
ssb>  2048R/E8401492  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F
ssb>  2048R/5A097EF6  created: 2012-08-07  expires: never     
                      card-no: 0005 0000115F

On Mi, 2012-08-29 at 14:11 +0200, Peter Lebbing wrote:
> On 29/08/12 13:53, Richi Lists wrote:
> > I can't get it to work whether I try it on the primary or the sub key and
> > whether I use gpg or gpg2.
> > [...]
> > 
> > $ gpg2 -v --edit-key E8401492!
> > [...]
> > 
> > gpg: using subkey E8401492 instead of primary key 0AE275A9
> > Secret key is available.
> Why are you forcing using the subkey? An UID is /always/ on the primary key, it
> makes no sense to make an UID on the subkey. I think.
> Simply losing the exclamation mark should fix it, or just specify
> $ gpg2 --edit-key 0AE275A9
> Also, apart from UIDs on subkeys making no sense, it would seem to me that an
> UID needs to be bound with a Certification-capable signing key, whereas your
> signing subkey E8401492 can only make signatures on data. That's probably why
> GnuPG says:
> > gpg: signing failed: Unusable secret key
> Although it could also be that the secret part for that subkey is simply not
> available? I'm not sure whether the "secret key is available" message I quoted
> above pertains to the primary key or the secret subkey you forced on the command
> line.
> If you still have problems after this explanation, please provide more data
> about your setup. You have two encryption subkeys, two data signature subkeys,
> and GnuPG complains that there are secret parts missing. It will be a lot easier
> to help you if you can explain what pieces of data are where :).
> Peter.
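
Added example, not part of either poster's message: a small parser for the sec/ssb lines in the --card-status output above, reporting where each secret key lives and whether adduid can work. In GnuPG listings a '#' after the tag marks a secret part that is not usable on this machine and '>' marks a stub for a key held on a smartcard; the function names are hypothetical.

```python
import re

# Constructed sample: the sec/ssb lines copied from the --card-status output above.
SAMPLE = """\
sec#  2048R/0AE275A9  created: 2012-08-07  expires: 2022-08-05
ssb>  2048R/8760DB3E  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F
ssb>  2048R/E8401492  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F
ssb>  2048R/5A097EF6  created: 2012-08-07  expires: never
                      card-no: 0005 0000115F
"""

# Marker after the tag: '#' = secret part not usable here, '>' = stub for a smartcard key.
KEY_LINE = re.compile(r"^(sec|ssb)([#>]?)\s+\w+/([0-9A-Fa-f]{8,16})\b")
CARD_LINE = re.compile(r"^\s+card-no:\s*(.+?)\s*$")
LOCATION = {"#": "missing", ">": "card", "": "local"}


def parse_secret_listing(text):
    """Return one dict per sec/ssb line, with the card number attached if listed."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            tag, marker, keyid = m.groups()
            keys.append({"primary": tag == "sec", "keyid": keyid.upper(),
                         "location": LOCATION[marker], "card": None})
        elif keys and (c := CARD_LINE.match(line)):
            keys[-1]["card"] = c.group(1)
    return keys


def uid_edit_possible(keys):
    """New user IDs are self-signed by the primary key, so its secret part must be usable."""
    primaries = [k for k in keys if k["primary"]]
    return bool(primaries) and all(k["location"] != "missing" for k in primaries)


def report(text):
    keys = parse_secret_listing(text)
    lines = [f"{'primary' if k['primary'] else 'subkey '} {k['keyid']}: {k['location']}"
             + (f" ({k['card']})" if k["card"] else "") for k in keys]
    verdict = "possible" if uid_edit_possible(keys) else "blocked: primary secret key missing"
    return "\n".join(lines + [f"adduid: {verdict}"])


if __name__ == "__main__":
    print(report(SAMPLE))
```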
