[SOLVED] Gpg: KEYTOCARD failed: Invalid value

Hello my friends from the other side.
I am trying to import my existing PGP key into the OpenPGP card. The steps I did are:

  1. gpg --card-status Signature key, Encryption key, Authentication key and General key info are all empty. Good, let’s continue.
  2. gpg --import my_private_key.pgp Now the key is saved on the phone in .gnupg directory
  3. gpg --edit-key my_key_ID
  4. keytocard
  5. Is telling me “Please select where to store the key: (1) Signature key (3) Authentication key
  6. 1 I want to decrypt message with the key for now, I might import the same key for authentication later
  7. I put in my key’s password and the card’s PIN, all is good.
  8. I get gpg: KEYTOCARD failed: Invalid value What is this? Why?!

Before you judge, I search the internet for a solution but I couldn’t find anything.
Right now my theory is that my key is an “ed25519” and the OpenPGP card does not support “ed25519”.
Any help would be greatly appreciated. :melting_face:


I couldn’t find any Purism documentation that answers the question: What key algorithms, including what ellliptic curves, are supported by the OpenPGP card? (That doco does exist for the Librem Key.)

You might have to ask Purism Support: support@puri.sm


Thank you for the reply sir.
If I get really desperate I might. But I’m sure support have their hands full already.
:thinking: Interesting you found the documentation for the Librem Key? The Librem Key uses a OpenPGP card inside, from my understanding is the same card so the capabilities should be identical.

EDIT: Found it, well for the Librem Key.
It supports NIST even tho it doesn’t specifically mention ed25519.

1 Like

I don’t have a Librem Key so can’t comment on the details. The Librem Key doco is at: Librem Key - Purism - Librem products documentation

If you expand Getting Started and then click on Technical Specs then you will see the doco that I alluded to above.

If you are careful (e.g. careful not to overwrite your existing key!), you may be able to generate a key that falls into one of the listed types and try to export that key, and thereby test your hypothesis.


Thank you, very useful. Also, Long Live ChatGPT.

Your Librem Key will not hold your master GPG key. I really hope that’s not the case. I find the whole process of subkeys very cumbersome.
I am a simple man, I want a private key to decrypt messages and a public key to give away to people. And I want that private key to be on the OpenPGP card. Simple.


The Nitrokey Pro 2/Librem Key does not support Curve25519.


That is extraordinarily useful. Thank you.

1 Like

The OP was asking about the OpenPGP card, which goes in the Librem 5, not the Librem Key, which you would use with the other Purism products (e.g. laptops, Mini, Librem 11). Do you know for a fact that the OpenPGP card has the same functional support as the Librem Key?

1 Like



Nitrokey Pro 2/Librem Key:

Reader ...........: 316D:4C4B:00000000000000000000CA52:0
Application ID ...: D27600012401030400050000CA520000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 0000CA52
Name of cardholder: [not set]
Language prefs ...: de
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa3072 rsa3072 rsa3072
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 6
KDF setting ......: off
Signature key ....: 118B BB6D 93EB FEEE 98BC  DE41 BD28 3A0A 10FB 1123
      created ....: 2024-01-23 10:44:07
Encryption key....: E002 7391 6AF8 4AC6 1D20  2E97 45E4 3137 C966 1FBB
      created ....: 2024-01-23 10:44:07
Authentication key: BF58 2E97 07CE C8F7 BC8A  D734 5BE5 C52D 0999 E81C
      created ....: 2024-01-23 10:44:07
General key info..: [none]
1 Like

AFAICT, the three keys exist for three different purposes:

  • encryption - someone sends you an email and both of you want to keep the contents confidential in transit (and I guess also you can use the key yourself for local content)
  • signing - you send someone an email, or produce a document, and both of you want to ensure that the contents cannot be altered in transit (integrity) and both of you want to ensure that the recipient can be certain that the contents are authentic (genuinely from you, and also can’t be repudiated by you)
  • authentication - you have to authenticate yourself by key rather than by password e.g. remote login and e.g. local login (but I’m not sure exactly how this works)

Guys, I am losing my mind. I didn’t think I am such a idiot but here we are. Please help.

  1. So. I make an RSA key and put it in the card with gpg --edit-key and keytocard
  2. gpg --card-status confirms that the key is on the card. Great success!
  3. Now, the reason I have a PGPCard is so I don’t have they keys on the phone and just have them on the card where they can’t be taken out from.
  4. I turn off the phone and take out the PGP card
  5. Turn the phone back on and gpg --delete-secret-keys and gpg --delete-keys to delete the keys from inside the phone. Now they key/keys should only be on the card.
  6. I put the PGP Card back into the phone.
  7. gpg --card-status looks a bit different, it only shows Signature Key: XXXX YYYY and created: xxx I think to myself “Odd. But maybe all the info is hidden for security resons”
  8. I go test. I encrypt a message, send it to the phone and try to decrypt it gpg --decrypt message.gpg
  9. I get gpg: encrypted with RSA key, ID 99DA3E64E3D1F576 and gpg: decryption failed: No secret key

What is going on man? ;—;

EDIT: P.S. When putting the key into the card (keytocard) I only hard two options to chose from (1) Signature key and (3) Authentication key So I chose 1.

1 Like

Follow these instructions then.

About the Librem Key - Purism - Librem products documentation

  1. I don’t want to deal with any subkeys. From my communication here and on other forums I understand that subkeys are just an optional complication. I don’t want to deal with them. The main private/public key is enough for me and should work just fine decrypting and encrypting messages.
  2. Generating the keys directly on the card is the only way to do it? Can’t I generate them somewhere else and import them to the card? Why not? Yes, I don’t want the keys to be on the phone but I want to back them up.

EDIT: :thinking: could it be that I am missing an option in the keytocard menu? Option 2 Encryption key? Maybe the firmware for the card is not yet ready.


Okay, follow these advanced instructions instead:

OpenPGP Key Generation With Backup - Nitrokey Documentation

Choose option 4 to create an RSA main key with only signing/certifying capabilities, and not any subkey with encryption capabilities.

Yes, correct.


Why, can’t I not have a “RSA main key” with encryption capabilities?!
This is so confusing >…<
Maybe option (8) RSA (set your own capabilities)? I will give it a shot.

1 Like

Sure, that should work. Then press E and Q.

Looking at the documentation, option 6 is supposed to be RSA (encrypt only), but it looks like it can only be used with addkey, and not during the key generation process.

1 Like

hey @arvamircea,
afaik all tools that use GPG based message encryption and decryption use those 3 sub keys, there is no waz around it maybe this guide can explain it to you in more detail, and deliver a complete usage instruction.
from my experience there is no difference regarding the gpg stuff between the Libermkey yubikey and the opengpg card


Thank you @Manuel I gave it a read. Somewhat useful but the guy does the usual thing (using the master key only to sign other subkeys), again, I’m of the opinion that unless you are Edward Snowden subkeys are an unnecessary complication in your life.
@FranklyFlawless Thank you man. You helped me a lot not gonna lie.

Still in not working the way I want it to…

  1. I create a master RSA key for all three (signing, encryption, authentication) - Success!
  2. I upload them to the card (keytocard, 1,2 and 3) - Success?
  3. I take card out of the phone and delete all trace any keys from the phone - Success!
  4. I put the card back in and I want to use it to decrypt messages - No success :frowning:
    gpg --decrypt message.pgp gets gpg: decryption failed: No secret key
    What do you mean phone?! What’s on the card ei? EI?!?
  5. I put the card back in and I want to sign messages - Don’t know, did not get this far.

When gpg -card-status I get:
Signature key.....: 2910 CDFA 88D8 E751 E26B C910 2EC7 DB13 B1CA 8488
created...........: 2024-01-25 14:55:13
Encryption key....: 2910 CDFA 88D8 E751 E26B C910 2EC7 DB13 B1CA 8488
created...........: 2024-01-25 14:55:13
Authentication key: 2910 CDFA 88D8 E751 E26B C910 2EC7 DB13 B1CA 8488
created...........: 2024-01-25 14:55:13
General key info..: [none]

1 Like

@arvamircea I think your rather alone with that option and more important in my opinion the cards are not designed to work that way.
With you example how is gpg supposed to figure out which key to use since the are all the same.
Why don’t you try getting it working with the 3 sub keys and then see how everything is supposed to behave and work.
After knowing how it works you can still switch back to your way of doing it to spot difference and then try to work around them.
EDIT: typo


Thank you for the reply.

This is important. Do they or do they not work the way I want them to.

Simple, I ask gpg to decrypt is uses the “Encryption key”; I ask gpg to sign it uses the “Signature key”; etc.

I don’t know man. The normal way of doing things doesn’t make sense to me. If something is the main key is just makes sense to protect it the most. Having the main key offline on an USB somewhere and using keys derived from that on the PGP card is so un-elegant is breaks my brain.

EDIT: Like, with my threat model it doesn’t make sense to keep track of dozens of keys.

1 Like