In my setup, I created a gpg key on an offline machine. This key consists of a Certificate master key and subkeys. I created new subkeys for each of Sign, Encrypt and Authenticate, then backup up the keys (with --export, --export-secret-keys and --export-secret-subkeys). I then moved the subkeys to …

I see. The keytocard command actually “moves” the keys once you type save. So there are no copies left on the machine. If I remember correctly you can prevent this by not typing save but quit and denying saving. The keys are copied to the smart card in this case.

Nitrokey Support

Gpg does not replace subkey stubs with secret keys when importing secret keys

Nitrokeys Misc

dallaslu January 28, 2021, 12:34pm 8

Run gpg --list-secret-keys --with-keygrip to get the keygrip of your special subkey, then delete ~/.gnupg/private-keys-v1.d/<keygrip>.key. Now, import your backup of the subkey. Everything will be OK.

1 Like

Speichern auf zweiten Nitrokey-Storage mag nicht

Remove Nitrokley from GPG settings