[pkg-gnupg-maint] Bug#802586: gnupg2: Fails to sign using smartcard after upgrade

Mark Brown broonie at debian.org
Wed Oct 21 12:15:59 UTC 2015

Package: gnupg2
Version: 2.1.9-1
Severity: import

After upgrading to GnuPG 2.1 attempts to sign anything using my
smartcard resulted in:

| gpg: signing failed: No secret key

which is obviously undesirable.  I'm using gnupg-agent with a smartcard,
the agent appears to be able to interact with the card since I am able
to use it to authenticate with remote SSH systems (something that was
previously broken).

I was able to list secret keys so it appears that my secret keyring is
intact (and I tested by regenerating from scratch using --card-status
which seemed to DTRT):

| $ /home/broonie/.gnupg/pubring.gpg
| --------------------------------
| sec#  rsa4096/30F5D8EB 2011-10-21
| uid         [ultimate] Mark Brown <broonie at sirena.org.uk>
| uid         [ultimate] Mark Brown <broonie at debian.org>
| uid         [ultimate] Mark Brown <broonie at kernel.org>
| uid         [ultimate] Mark Brown <broonie at tardis.ed.ac.uk>
| uid         [ultimate] Mark Brown <broonie at linaro.org>
| uid         [ultimate] Mark Brown <Mark.Brown at linaro.org>
| ssb#  rsa4096/7B78DB59 2011-10-21
| ssb#  rsa4096/7EA229BD 2012-09-15 [expires: 2016-08-26]
| ssb>  rsa2048/6D1F3CC5 2014-08-31 [expires: 2016-08-30]
| ssb#  rsa2048/5D5487D0 2014-08-31 [expires: 2016-08-30]
| ssb#  rsa2048/4F7C301E 2014-08-31 [expires: 2016-08-30]

and the --card-status and --card-edit interfaces appear functional.  I
was eventually able to resolve this by deleting the contents of the
private-keys-v1.d directory and using --card-status to recreate the stub
key for the smartcard, it looks like the upgrade didn't successfully
import that from my old secret ring.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg           1.18.3
ii  gnupg-agent    2.1.9-1
ii  install-info   6.0.0.dfsg.1-3
ii  libassuan0     2.3.0-1
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.19-22
ii  libgcrypt20    1.6.4-3
ii  libgpg-error0  1.20-1
ii  libksba8       1.3.3-1
ii  libreadline6   6.3-8+b3
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  dirmngr  2.1.9-1

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list