Hello Peter. Thanks for your detailed instructions. As FOSDEM keysigning is approaching I finally found some time to test it with my setup. Unfortunately I am unable to pass through the step when you need to swap the cards during subkey generation:
> > Now let's add subkeys on the other card. GnuPG 2.1 totally does the right > thing > here! Insert a new blank smartcard and do: > $ gpg2 --edit-key 367D1BCF > At this point the pinentry will prompt: > ---------------------------8<--------------->8--------------------------- > Please remove the current card and insert the one with serial number: > > Note that that is our card with the primary key. Here when I remove the "subkey" card and insert the primary card and then confirm the prompt I immediately have gpg fail with the following error: gpg: signing failed: End of file gpg: make_keysig_packeto failed: End of file gpg: Key generation failed: End of file Now not sure what might be the difference between your setup and mine, let's try to spot the difference: 1. I have gpg 2.1.11. What is your gpg2 --version ? 2. Since YubiKey is a usb token and my primary card is a plastic smartcard from ZeithControl they are in fact located in two different readers. I found that gpg is not able to locate card if more than one reader is present and somehow always default to some first card it sees. To mitigate this I had to always remove the reader along with the card. And then of cause have to reinsert it back. May it be that gpg expects cards to be in the same reader? 3. Any other thoughts? Any debug logs I can enable? I also kept detailed steps and output so far and hope to publish an article somewhere if manage to get everything working properly. Anton. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
