I have a Nitrokey Pro, loaded with a key:
Reader ...........: 20A0:4108:00003C130000000000000000:0
Application ID ...: D276000124010201000500003C130000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00003C13
Name of cardholder: My Name
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 3
Signature key ....: 2ECE 60C9 E68D AD15 408A 5321 6992 5DE2 9347 9CA1
created ....: 2017-01-05 16:41:09
Encryption key....: F9FC A2AE 1751 D08A 59DC 0025 D625 27FB C5AE A46D
created ....: 2017-01-05 16:41:09
Authentication key: 9ADB 66DB CD4E 2A24 CFD1 E878 0ADC F71C 0A10 E054
created ....: 2017-01-05 16:49:39
General key info..: pub rsa4096/69925DE293479CA1 2017-01-05 My Name <My@Email.eu>
sec> rsa4096/69925DE293479CA1 created: 2017-01-05 expires: never
card-no: 0005 00003C13
ssb> rsa4096/D62527FBC5AEA46D created: 2017-01-05 expires: never
card-no: 0005 00003C13
ssb> rsa4096/0ADCF71C0A10E054 created: 2017-01-05 expires: never
card-no: 0005 00003C13
Now, I can easily encrypt with public key:
echo "abcdefg" > msg.txt
gpg -e ./msg.txt
You did not specify a user ID. (you may use "-r")
Current recipients:
Enter the user ID. End with an empty line: 2ECE60C9E68DAD15408A532169925DE293479CA1
But I can’t decrypt it afterwards:
gpg -d ./msg.txt.gpg
gpg: encrypted with 4096-bit RSA key, ID 0ADCF71C0A10E054, created 2017-01-05
"My Name <My@Email.eu>"
gpg: public key decryption failed: Invalid ID
gpg: decryption failed: No secret key
Any ideas what I’m doing wrong?