Signing eMails doesn't work anymore

Nitrokeys
1

When I first set up my crypto stick, signing emails worked flawlessly.
But then I wanted to also be able to use my crypto-stick for ssh authentication.
As adding the authentication sub key turned out to be difficult, I generated an entirely new private key with encryption-, signature- and authentication subkeys generated before putting them onto the crypto stick.
SSH authentication works nicely now, but with the new key, signing emails always fails. Ecryption and decryption still works. I’m using evolution, but I also tried with thunderbird. The errormessage I get is the same I get when trying to sign something with gpg directly. Could it be that gpg is confused which key to use?

gpg --sign setup_my_system.sh
gpg: sending command `SCD PKSIGN' to agent failed: ec=6.18
gpg: Beglaubigung fehlgeschlagen: Allgemeiner Fehler
gpg: signing failed: Allgemeiner Fehler
gpg2 --card-status
Application ID ...: D27600012401020000050000115F0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000115F
Name of cardholder: Richard Ulrich
Language prefs ...: de
Sex ..............: männlich
URL of public key : [nicht gesetzt]
Login data .......: [nicht gesetzt]
Signature PIN ....: nicht zwingend
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: 6555 FA9F AEEF 386C 50E2  7AE1 02EC 6014 E840 1492
      created ....: 2012-08-07 19:01:59
Encryption key....: 3A6C CF0A C29F 3DFC 60AF  DCCE 31AA D811 8760 DB3E
      created ....: 2012-08-07 19:00:54
Authentication key: 2C12 F55B 69D3 088E BFD9  C010 BABF AE12 5A09 7EF6
      created ....: 2012-08-07 19:04:12
General key info..: pub  2048R/E8401492 2012-08-07 Richard Ulrich (ulrichard) <xxxxx@gmail.com>
sec#  2048R/0AE275A9  erzeugt: 2012-08-07  verfällt: 2022-08-05
ssb>  2048R/8760DB3E  erzeugt: 2012-08-07  verfällt: niemals     
                      Kartennummer: 0005 0000115F
ssb>  2048R/E8401492  erzeugt: 2012-08-07  verfällt: niemals     
                      Kartennummer: 0005 0000115F
ssb>  2048R/5A097EF6  erzeugt: 2012-08-07  verfällt: niemals     
                      Kartennummer: 0005 0000115F
gpg2 --list-keys
/home/richi/.gnupg/pubring.gpg
------------------------------
pub   2048R/0AE275A9 2012-08-07 [verfällt: 2022-08-05]
uid                  Richard Ulrich (ulrichard) <xxxxx@gmail.com>
sub   2048R/8760DB3E 2012-08-07
sub   2048R/E8401492 2012-08-07
sub   2048R/5A097EF6 2012-08-07
sub   2048R/EC980139 2012-08-07 [verfällt: 2022-08-05]
2

I didn’t had such an issue yet. You may want to address your questions to the official GnuPG User mailing list. lists.gnupg.org/mailman/listinfo/gnupg-users

3

I should probably report back here as well.
The people on the mailing list helped me solve the issue long ago.
Indeed, gpg tried to use the wrong sub key.
I now have to force the signature key I want to use with an exclamation mark. In evolution this looks like:
OpenPGP Key ID: E8401492!
And for debian packages it’s:
debuild -k E8401492!