Cannot create new authentication key

I have a cryptostick v2.0.

When I received it in April, I followed some procedure to generate all 3 keys on the stick itself.

This week I wanted to really start using the stick for full disk encryption and ssh authentication.
I was following this procedure to generate some new keys:
bress.net/blog/archives/203- … Guard.html

Most things worked smoothly, except for the authentication key. Importing the two keys from disk worked nicely, and I can encrypt/decrypt stuff with the key on the stick. Whenever I execute “addcardkey” it asks for the admin pin and the key pin. Then instead of generating the new authentication key, I get the following error: “secret key not available”

I can only guess that this is because the authentication key that should be overwritten belongs to a primary key that’s no longer available.
But since it should be replaced, this should not matter, right?

Rgds
Richard

So, I wanted to bite the bullet and reset the crypto stick as described at the bottom of: privacyfoundation.de/wiki/CryptoStickFAQ
But all I get is this:

[code]gpg-connect-agent < cryptostickreset.txt
’pg-connect-agent: unknown command `hex

ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
ERR 67108983 No SmartCard daemon
card has been reset to factory defaults[/code]

And nothing is reset:

[code]gpg --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 6F5E 3DFA CE04 8173 C0DD FFE8 7D9D 3507 1B8B 9CBA
      created ....: 2012-06-06 22:47:31
Encryption key....: D954 F956 D9E2 6EAD D1F3 6807 10C6 210E 14C2 BBF6
      created ....: 2012-06-06 22:45:49
Authentication key: 8F87 E9F0 C83F F455 EB57 78BD 92ED 7B54 0E9D C08D
      created ....: 2012-04-14 20:47:55
General key info..: pub 2048R/1B8B9CBA 2012-06-06 Richard Ulrich (ulrichard) <richi@paraeasy.ch>
sec# 2048R/A0B7C771 created: 2012-06-06 expires: 2017-06-05
ssb> 2048R/14C2BBF6 created: 2012-06-06 expires: 2017-06-05
                    card-no: 0005 0000115F
ssb> 2048R/1B8B9CBA created: 2012-06-06 expires: 2017-06-05
                    card-no: 0005 0000115F[/code]

Try “sudo gpg-connect-agent < cryptostickreset.txt” instead. Also, what does “gpg2 --card-status” tell you?

Running as root didn’t change a thing. I could not reset the stick. I also tried on different computers running either Ubuntu or Debian.
But I generated an entirely new private key, and putting all the sub keys from this onto the stick worked.
I think part of the problem was that I generated the authentication subkey after I had some other sub keys already transferred to the stick.
Now that worked, but another problem appeared. Signing eMails doesn’t work anymore. I’ll open another thread for that.