On 26/07/16 11:05, Felix E. Klee wrote:
> Successfully moved a key to an [OpenPGP-Card][1]. Now, as backup, I
> want to install the key to a second card, but that failed:
>
>     # gpg --edit-key $KEY
>     [...]
>     gpg> toggle
>     [...]
>     ggp> keytocard
>     Really move the primary key? (y/N) y
>     [...]
>     Please select where to store the key:
>        (1) Signature key
>        (3) Authentication key
>     Your selection? 1
>
>     gpg: WARNING: such a key has already been stored on the card!
>
>     Replace existing key? (y/N) y
>     gpg: KEYTOCARD failed: Unusable secret key
>
> Why did it work for the first card but not for the second one?
>
> I assume, although `keytocard` is documented as *moving* the key to the
> card, it actually copies it.

It copies, but if you then save the changes to your local disk, the
original copy on local disk is deleted - so calling it a "move"
operation is correct. If you want to keep a backup copy on local disk,
you need to quit *without saving* immediately after running 'keytocard'.
This behaviour is a well-known gotcha.

What does it say when you run "gpg --list-secret-keys" on your local
machine now?

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
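
An added example, not part of the original thread: a POSIX shell helper that classifies the records of `gpg --list-secret-keys --with-colons` as on-disk, card stub or missing, which is what the closing question in the reply is probing. The meaning of field 15 is taken from GnuPG's doc/DETAILS as an assumption, and the sample records, key IDs and card serial are constructed.

```sh
#!/bin/sh
# Added example: report where each secret key lives, from the output of
#   gpg --list-secret-keys --with-colons
# Assumption (GnuPG doc/DETAILS): field 15 of sec/ssb records is a card
# serial number for a card stub, "#" when the secret part is absent,
# and "+" or empty when the secret key is still on local disk.

classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            token = $15
            if (token == "" || token == "+") where = "on-disk"
            else if (token == "#")           where = "missing"
            else                             where = "card:" token
            print $5, $1, where
        }'
}

# Exit 0 only if at least one secret key is listed and all are on disk,
# i.e. there is still real key material locally to write to another card.
all_on_disk() {
    classify_secret_keys |
        awk '$3 != "on-disk" { bad = 1 } END { exit (NR == 0 || bad) }'
}

# Constructed sample records (key IDs and card serial are made up).
# Before keytocard: primary key and subkey both on disk.
SAMPLE_BEFORE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1469000000:::u:::scESC:::+:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1469000000::::::e:::+:'
# After keytocard and "save": the primary key is only a stub for the card.
SAMPLE_AFTER='sec:u:4096:1:AAAAAAAAAAAAAAAA:1469000000:::u:::scESC:::D2760001240102010005000000010000:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1469000000::::::e:::+:'

for name in BEFORE AFTER; do
    eval "records=\$SAMPLE_$name"
    echo "== $name =="
    printf '%s\n' "$records" | classify_secret_keys
    if printf '%s\n' "$records" | all_on_disk; then
        echo "all secret keys are still on local disk"
    else
        echo "at least one key is a card stub or missing on local disk"
    fi
done
```

On a real keyring, pipe `gpg --list-secret-keys --with-colons` into `classify_secret_keys` before and after `keytocard` to see whether saving replaced the local key with a stub.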