
Cannot decrypt from smartcard using gnupg-2.2, can from 2.0
Working version:
Ubuntu-14.04
gpg (GnuPG) 2.0.22
libgcrypt 1.5.3

Not working version:
Ubuntu-18.04
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1

I put the same subkey on all 3 slots of a Nitrokey Pro maybe about a year
ago and have been encrypting/decrypting (sometimes signing, sometimes not)
for myself and for/from other people during that time. I've used the
smartcard on 3 different hosts (also 14.04) by using fetch and running
card-status. On gnupg-2.2, whether signed or not, attempting to decrypt a
file with me as the recipient fails with:

gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key

It shows that the file was encrypted with my subkey fingerprint. I can
encrypt and sign with gnupg-2.2, just not the reverse. It does not matter
if the file I am trying to decrypt was created from one of my 14.04 hosts
or with the 18.04 host. The 18.04 host simply cannot decrypt it.

To be complete about how I set up the card: I imported the subkey into a
fresh .gnupg, ran card-edit, toggle, key 1, keytocard, chose the slot,
saved, wiped .gnupg (and restarted the agent) and repeated the process for
the other 2 slots and finally wiping .gnupg and using card-edit, fetch, and
card-status to re-initialize.

Both 2.0 and 2.2 show sec#, uid, and ssb> when running -K.
show-unusable-uids,show-unusable-subkeys does not change the output. There
are no other UIDs or subkeys and both master and sub are set to never
expire.

If I import the master or the detached subkey by themselves into a clean
18.04 environment, it works. Only the smartcard does not work. Can anyone
help debug this?
Re: Cannot decrypt from smartcard using gnupg-2.2, can from 2.0
Alejandro Cortez wrote:
> gpg: public key decryption failed: Invalid ID

This means that something goes wrong in your private key file for
your token, I suppose.

> Can anyone help debug this?

You can see more information by running the following command line:

$ gpg-connect-agent "KEYINFO --list" /bye

This doesn't reveal any secret (but it does show your serial number).

The example output (of mine) is like:

==========================
$ gpg-connect-agent "KEYINFO --list" /bye
S KEYINFO A97A7983102513844456E5B687E46B936B14155C D - - - P - - -
S KEYINFO 65F67E742101C7FE6D5B33FCEFCF4F65EAF0688C T D276000124010200F517000000010000 OPENPGP.2 - - - - -
S KEYINFO 101DE7B639FE29F4636BDEECF442A9273AFA6565 T D276000124010200F517000000010000 OPENPGP.1 - - - - -
S KEYINFO 5D6C89682D07CCFC034AF508420BF2276D8018ED T D276000124010200F517000000010000 OPENPGP.3 - - - - -
OK
$
==========================

The third column is a keygrip. The fifth column is an application ID
(vendor id + serial number) of the card. The sixth column is the key
identifier.

The key identifier "OpenPGP.2" is used for the decryption process.

I suspect you have some different string there, for some reason.
--

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
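As an added example, not code from this thread or from GnuPG: a small Python parser for the KEYINFO listing shown above that reports which card key is bound to the OPENPGP.2 decryption slot and whether a single keygrip has been written to several slots (the situation the original poster described). The card entries, keygrip and serial number in the sample are constructed placeholders; the meaning of the type column (D for an on-disk key, T for a key on a token) comes from gpg-agent's KEYINFO format.

```python
"""Parse `gpg-connect-agent "KEYINFO --list" /bye` output and flag the
two things this thread turns on: whether a card key is bound to the
OPENPGP.2 (decryption) slot, and whether one keygrip sits in several
card slots."""
from collections import defaultdict

# Constructed sample: one on-disk key plus a card where the same subkey
# (one keygrip) was written to all three OpenPGP slots. The keygrip
# 1111... and the serial number are placeholders, not real values.
SAMPLE = """\
S KEYINFO A97A7983102513844456E5B687E46B936B14155C D - - - P - - -
S KEYINFO 1111111111111111111111111111111111111111 T D276000124010200F517000000010000 OPENPGP.1 - - - - -
S KEYINFO 1111111111111111111111111111111111111111 T D276000124010200F517000000010000 OPENPGP.2 - - - - -
S KEYINFO 1111111111111111111111111111111111111111 T D276000124010200F517000000010000 OPENPGP.3 - - - - -
OK
"""

def parse_keyinfo(text):
    """Return one dict per 'S KEYINFO' status line; skip 'OK' / 'ERR'."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[:2] != ["S", "KEYINFO"]:
            continue
        entries.append({
            "keygrip": parts[2],   # third column: keygrip
            "type": parts[3],      # D = on disk, T = on a token (card)
            "serialno": parts[4],  # application ID: vendor id + serial
            "idstr": parts[5],     # key identifier, e.g. OPENPGP.2
        })
    return entries

def decryption_keygrips(entries):
    """Keygrips of card keys bound to the decryption slot OPENPGP.2."""
    return [e["keygrip"] for e in entries
            if e["type"] == "T" and e["idstr"].upper() == "OPENPGP.2"]

def shared_keygrips(entries):
    """Map keygrip -> sorted card slots it occupies, for keygrips in > 1 slot."""
    slots = defaultdict(set)
    for e in entries:
        if e["type"] == "T":
            slots[e["keygrip"]].add(e["idstr"].upper())
    return {k: sorted(v) for k, v in slots.items() if len(v) > 1}

if __name__ == "__main__":
    ents = parse_keyinfo(SAMPLE)
    print("decryption keygrips:", decryption_keygrips(ents))
    print("keygrips present in several slots:", shared_keygrips(ents))
```

Feed it the real output of the command above instead of SAMPLE; an empty result from decryption_keygrips is the "Invalid ID" case NIIBE describes, and a non-empty shared_keygrips result is the one-subkey-in-every-slot setup from the original report.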
Re: Cannot decrypt from smartcard using gnupg-2.2, can from 2.0
On Tue, Oct 15, 2019 at 10:52 PM NIIBE Yutaka <gniibe@fsij.org> wrote:

> Hello,
>
> I think that your configuration of smartcard is somehow broken.
>

The only thing I have been able to confirm is that gpg, at some point after
2.0.22, stopped allowing the use of the same subkey in multiple slots. As
soon as I created a new signing subkey and put that one into the signing
slot and the SEA subkey into the encryption slot, everything started
working.