Wouter Verhelst
2016-04-11 12:13:18 UTC
Hi,
I recently bought an OpenPGP smart card, and am now evaluating before
deciding whether to move my secret key to the card. To that end, I've
generated (and destroyed, by way of "gpg2 --edit-card"'s factory-reset
command) a number of keys.
However, I noticed that the factory-reset doesn't delete the secret key
stub from my secret keyring; and now I get this:
***@gangtai:~$ LC_ALL=C gpg2 --delete-secret-key b36c8212
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec rsa4096/B36C8212 2016-04-02 Wouter Verhelst (Debian)
<***@debian.org>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: b36c8212: delete key failed: Not possible with a card based key
How do I tell GnuPG that this secret key is no longer in existence, and
that it should remove it from its list of secret keys? I've removed it
from the card, and I didn't create a backup copy (since this was only a
test key, after all).
I suppose I could just wipe out my entire secret keyring, but I'd rather
not do that, since it contains my production GPG keys...
I recently bought an OpenPGP smart card, and am now evaluating before
deciding whether to move my secret key to the card. To that end, I've
generated (and destroyed, by way of "gpg2 --edit-card"'s factory-reset
command) a number of keys.
However, I noticed that the factory-reset doesn't delete the secret key
stub from my secret keyring; and now I get this:
***@gangtai:~$ LC_ALL=C gpg2 --delete-secret-key b36c8212
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sec rsa4096/B36C8212 2016-04-02 Wouter Verhelst (Debian)
<***@debian.org>
Delete this key from the keyring? (y/N) y
This is a secret key! - really delete? (y/N) y
gpg: deleting secret key failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: deleting secret subkey failed: Not possible with a card based key
gpg: b36c8212: delete key failed: Not possible with a card based key
How do I tell GnuPG that this secret key is no longer in existence, and
that it should remove it from its list of secret keys? I've removed it
from the card, and I didn't create a backup copy (since this was only a
test key, after all).
I suppose I could just wipe out my entire secret keyring, but I'd rather
not do that, since it contains my production GPG keys...
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12