Gpg: KEYTOCARD failed: Bad secret key

Hardware Librem (Other)
1

So, I have an issue exporting keys to librem key (which I got few years back).

gpg --export --key-edit email@address
gpg> key 1 #The encryption key
gpg> keytocard
#
# Selected (2) for the encryption key.
#
gpg: KEYTOCARD failed: Bad secret key

Examining the card status

Reader ...........: Purism, SPC Librem Key (0000000000000000000095F0) 00 00
Application ID ...: D2760001240103030005000095F00000
Application type .: OpenPGP
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 000095F0
Name of cardholder: [not set]
Language prefs ...: de
Salutation .......: 
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048   #<--- COULD THIS BE THE PROBLEM?
Max. PIN lengths .: 64 64 64
PIN retry counter : 2 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

All my (sub)keys are RSA size 4096.

2

Okay, my bad. I haven’t noticed that changing admin/user PINs was unsuccessful. When I fixed this, the transfer worked.

1 Like
3

I tried to transfer my encryption key to my L5 smartcard, but got an error:

gpg> keytocard
Please select where to store the key:
(2) Encryption key
Your selection? 2
gpg: KEYTOCARD failed: Bad secret key

I was following the article from Purism “About the Librem Key” and the above happened when I followed the steps in “Move GPG Subkeys Over to The Librem Key”.

I also remembered that I could not enter the admin menu to change the password, but used passwd to change the non-admin password. So when I try to change the admin menu I get:

gpg/card> admin
Admin commands are allowed

Neither my new password from card-edit nor the gpg passphrase worked.

keytocard
keytocard3024Ă—4032 2.94 MB