Hi, I recently got very confused about how secret keys on smartcards are presented and handled in gpg.
In particular, after putting the subkeys on a Nitrokey, my output of gpg --list-secret-keys is

    sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
    uid                 My name <[email protected]>
    ssb>  2048R/XXXXXBB 2017-XX-XX
    ssb>  2048R/XXXXXCB 2017-XX-XX
    ssb>  2048R/XXXXXDB 2017-XX-XX

Following confusions:

1. What is the meaning of # after sec? This means that the master key is not available (https://wiki.debian.org/Subkeys). We already have 5 lines of text. Why not add another line such as "#: Master key not present"

2. What is the meaning of > after ssb? It means that the secret sub keys are not present in the keyring, but on a known smartcard. This does not come up in a google search 'gpg "ssb>"'. I only came across another post by accident that said that after issuing keytocard, the sub key is deleted (when using save) and only a reference is left. Following 1., why not write "#: Master key not present; >: reference to secret key on smart card"

3. This output means that there is *NO* secret key on this computer. This is extremely important information, but it is not evident from the output. Enigmail makes it look like I have a private keypair. But actually it's not. Only a reference.

4. I cannot fully delete the secret key reference by "gpg --delete-secret-key XXXXXAB". Although it asks me for confirmation and does not show in --list-secret-keys anymore, it still shows in enigmail (bold for having private key) and .gnupg/private-keys-v1.d still contains the keys. So I'm kind of stuck in limbo here. Deleting the offending files in private-keys-v1.d is the only way to make enigmail forget about them.

Has this been discussed before? I think there was once a drive to improve usability of gpg. Is there a place to propose a change in the output?
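Added example, not part of the original post: a small Python check that reads a listing in the format shown above and reports, per key, what the `#` and `>` markers mean and whether any secret key material is on the machine. It assumes the legacy `4096R/KEYID` layout from the post; the second key in the sample (XXXXXEB / XXXXXFB) and the example.org addresses are constructed for contrast.

```python
import re

# Markers that follow "sec"/"ssb" in the human-readable listing, with the
# meanings described in the post above.
MARKERS = {
    "": "secret key material in the local keyring",
    "#": "secret key not available in this keyring",
    ">": "stub only, secret key is on a smartcard",
}

LINE_RE = re.compile(r"^(sec|ssb)([#>]?)\s+(\S+)")

def classify(listing):
    """Return [(record, key, marker, meaning)] for each sec/ssb line."""
    rows = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # uid lines, blank lines, headers
        record, marker, key = m.groups()
        rows.append((record, key.split("/")[-1], marker, MARKERS[marker]))
    return rows

def keys_on_disk(listing):
    """Key IDs whose secret material is stored on this machine."""
    return [key for _, key, marker, _ in classify(listing) if marker == ""]

# Constructed sample: the listing from the post, plus a hypothetical second
# key with no markers.
SAMPLE = """\
sec#  4096R/XXXXXAB 2017-XX-XX [expires: 20XX-XX-XX]
uid                 My name <user@example.org>
ssb>  2048R/XXXXXBB 2017-XX-XX
ssb>  2048R/XXXXXCB 2017-XX-XX
ssb>  2048R/XXXXXDB 2017-XX-XX

sec   4096R/XXXXXEB 2017-XX-XX
uid                 Other name <other@example.org>
ssb   4096R/XXXXXFB 2017-XX-XX
"""

if __name__ == "__main__":
    for record, key, marker, meaning in classify(SAMPLE):
        print(f"{record}{marker or ' '} {key}: {meaning}")
    print("secret key material on this computer:", keys_on_disk(SAMPLE) or "none")
```
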
