On 17/03/17 22:44, Rainer Hoerbe wrote: > I copied my key to a OpenPGP card and was able to create signatures > and authentication via SSH using the card. Now moving the the Mac I > am stuck with pinentry-mac, because it keeps asking me for another > card.
I think GnuPG hasn't deleted your secret key stubs which still point to the old smartcard with the different serial number. Unless I'm very much mistaken, this is a shortcoming of GnuPG 2.1 currently. The agent identifies keys by their so-called keygrip. You can see the keygrips for your private key with: $ gpg2 --with-keygrip -K 64C2F99E904F1906 These keygrips correspond to files in ~/.gnupg/private-keys-v1.d/. Just bluntly remove these files, but be careful to only delete files belonging to smartcard stubs! Double check each keygrip before deleting them. In fact, make a backup of the directory first :-). > gpg --delete-secret-keys 0x64C2F99E904F1906 > gpg2 --card-status > gpg2 --clearsign /etc/hosts Did you mean to write "gpg" there rather than "gpg2"? You didn't indicate which version of GnuPG you're using, but your problem sounds like a 2.1 problem to me. If you are using GnuPG 2.1, you shouldn't mix it with GnuPG 1.4, that road leads to pain. They don't share their private key storage, and might or might not share public key storage depending on which version created the public key storage on the very first invocation. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
