GPG + smartcard randomly doesn't find secret key

Asked by Bsl Bckr

Hi everyone,

For several days now I have been facing a rather annoying and hard-to-understand problem involving Enigmail, gpg2, gpg-agent and a smartcard (a Yubikey 4, to be exact). Further, all my incoming mail is, if it isn't already, automatically encrypted using my public key. Honestly, almost every mail I receive is encrypted by my mail provider instead of the sender.
I'm using Thunderbird, equipped with Enigmail, to read my mail. The problem I'm struggling with is that for some of the encrypted mails everything works like a charm, and for some others no private key can be found. I have no idea where this inconsistency stems from or how it could be resolved. This is one of the main reasons I did not file a bug report: I simply don't know yet what the problem is.

So let me describe my set-up in a little bit more detail:
I use one main key with three different subkeys: one for encryption, one for signing, and one for authentication purposes. The three private subkeys are stored on the smartcard (Yubikey 4), and the private key of the main key is kept on a separate device. Actually, it has never been stored on my current PC's hard drive.

If I write an email, I usually digitally sign it using my private signing key. This works flawlessly after I have successfully entered my smartcard's PIN. The PIN is also requested before trying to decrypt the mails (entering the wrong PIN yields a different error message; I tried it ;) ), but decryption does not succeed in every case.

I further don't think that Enigmail is part of the problem, as the decryption of the mails does not succeed either if I save the encrypted message as a file and invoke gpg manually. Further, if I manually run the following command:
~$ echo "test" | gpg -r <email address hidden> -e | gpg -d
sometimes the decryption works and sometimes it doesn't. (gpg is an alias for gpg2 in this environment.)

If I try to decrypt the messages on my smartphone using K9 and Openkeychain everything works. Thus, I assume that the encryption is done right and the problems are solely on my PC's set-up.

The following program-versions are in use:
gpg: 2.1.15-1ubuntu6
libgcrypt: 1.7.2-2ubuntu1
gnupg-agent: 2.1.15-1ubuntu6
dirmngr: 2.1.15-1ubuntu6
pcscd: 1.8.14-1ubuntu1.16.10.1
scdaemon: 2.1.15-1ubuntu6
systemd: 231-9ubuntu2

Ubuntu release is 16.10 yakkety

If you have any ideas what could be the source for my problems, or if you had similar issues and somehow solved them, please let me know.
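A diagnostic loop for narrowing this kind of intermittent failure down, added here as an example and not part of the original question or of any GnuPG tooling: it first shows what gpg-agent/scdaemon currently see (card serial number, card status, and which secret keys are card stubs, marked `ssb>`), then repeats the poster's encrypt/decrypt round trip a fixed number of times, classifying each run from gpg's machine-readable `[GNUPG:]` status lines rather than from its localized error text, and logs the timestamped result of every run so a failure pattern can be correlated with agent or pcscd events. The recipient address, iteration count and log path are placeholders; pass `run` as the first argument to start the loop.

```shell
#!/bin/sh
# Added example, not code from the original question.
# Repeats the poster's round trip and tallies outcomes by GnuPG status line.
# RECIPIENT, ITERATIONS and LOG are placeholders; adjust for your setup.

RECIPIENT="${RECIPIENT:-you@example.org}"
ITERATIONS="${ITERATIONS:-20}"
LOG="${LOG:-./gpg-card-roundtrip.log}"

# Classify one run from the "[GNUPG:] ..." status lines gpg wrote to its
# status fd. Prints one of: ok, no-seckey, decrypt-failed, other.
# Order matters: a NO_SECKEY run also emits DECRYPTION_FAILED, and we want
# the more specific cause.
classify_status() {
    status_text="$1"
    case "$status_text" in
        *"[GNUPG:] DECRYPTION_OKAY"*)   echo ok ;;
        *"[GNUPG:] NO_SECKEY"*)         echo no-seckey ;;
        *"[GNUPG:] DECRYPTION_FAILED"*) echo decrypt-failed ;;
        *)                              echo other ;;
    esac
}

# Show what the agent and scdaemon think about the card before looping.
card_overview() {
    echo "== scdaemon serial number (asked via gpg-agent) =="
    gpg-connect-agent 'scd serialno' /bye
    echo "== card status =="
    gpg --card-status
    echo "== secret keys; 'ssb>' marks a stub whose private part is on the card =="
    gpg --list-secret-keys --with-keygrip
}

# One armored encrypt/decrypt round trip; prints its classification.
# Stdout (the plaintext) is discarded; the status lines go to stderr,
# which is captured, so plaintext never lands in the log.
roundtrip_once() {
    cipher=$(printf 'test\n' | gpg --batch --yes --armor -r "$RECIPIENT" -e 2>/dev/null) \
        || { echo encrypt-failed; return; }
    status=$(printf '%s\n' "$cipher" | gpg --batch --status-fd 2 -d 2>&1 >/dev/null)
    classify_status "$status"
}

# Run the round trip ITERATIONS times, log each result, and print a tally.
run_loop() {
    ok=0
    fail=0
    i=1
    while [ "$i" -le "$ITERATIONS" ]; do
        result=$(roundtrip_once)
        printf '%s run %d: %s\n' "$(date '+%H:%M:%S')" "$i" "$result" | tee -a "$LOG"
        if [ "$result" = ok ]; then ok=$((ok + 1)); else fail=$((fail + 1)); fi
        i=$((i + 1))
    done
    printf 'ok=%d failed=%d (log: %s)\n' "$ok" "$fail" "$LOG"
}

# Only touch gpg when explicitly asked, so sourcing the file is side-effect free.
if [ "${1:-}" = run ]; then
    card_overview
    run_loop
fi
```

Run it with the PIN already cached (one successful decryption first) so pinentry does not interrupt the loop; if `no-seckey` appears only on some iterations while `gpg --card-status` keeps reporting the same serial number, the card itself is visible and the suspect is the key lookup path between gpg, gpg-agent and scdaemon rather than the reader or pcscd.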

