Hello Werner and list, I could reproduce the problem the user "Mustrum" had with moving his certification-only primary key to a smartcard. If you have a primary key with sign and certify abilities, you can "keytocard" it to the Signature slot of an OpenPGP card, and it will issue certifications just fine. But you can't move a certification-only primary key to the Signature slot.
I think I did exactly this with my own key in 2009, and it worked fine. Also, if you trick GnuPG into moving the primary key to a smartcard, it will issue certifications perfectly fine as well. This message is a reply to a message where I explain how I tricked GnuPG, in the thread "Separate OpenPGP cards for master key and sub-keys". Is it deliberate behaviour to deny the operation? And if so, I'm very interested to know why. By the way, back in 2009 I used a 2048-bit key, and Mustrum ran into the problem with a 4096-bit key. I just tried, but it won't work for a 2048-bit key either. Obviously, the chances that it was related to keysize were already slim, but I checked anyway. Greets, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
