Olav Seyfarth

Did you mean "I just can't decrypt the emails with the old key."? At least that's what you wrote in your initial post.

Enigmail kind of cannot complain itself, because it just doesn't handle the keys in crypto operations at all. It just tells GnuPG to do the job. GnuPG throws that error, and Engimail reports it. That's why I urge to debug without Enigmail. If you can't sign on CLI, it's not an Enigmail issue but with underlying components.

I have deleted my key from Enigmail. So you deleted public AND secret key, yes? You'd also have to reset the card since it's rebuild from the card otherwise. Re-importing allows you to take notes on all steps, but should yield the same (non-working) result. Mind that merging secret keys at least some years ago wasn't possible, so make sure you really clean start. Since you have a backup, I'd do this to investigate: create a new non-card test key, verify that operations work: sign/verify, encrypt/decrypt...

I have deleted my key from Enigmail. So you deleted public AND secret key, yes? You'd also have to reset the card since it's rebuild from the card otherwise. Re-importing allows you to take notes on all steps, but should yield the same (non-working) result. Mind that merging secret keys at least some years ago wasn't possible, so make sure you really clean start. Since you have a backup, I'd do this to investigate: create a new non-card test key, verify that operations work: sign/verify, encrypt/decrypt...

But there definitely was one before you exported your key to the card? So on that system, you were able to sign and decrypt, yes?

Good to have backups, so you can restart :) I'm on arch, too, Did you try "echo test | gpg --clearsign | cat"?! If this does not pop up a passphrase entry dialog, you're probably just lacking that. But that whould be the same for non card-based keys, so probably that's not the cause. Anyway, can you sign?

Hi Thomas, first: Did you export an existing key to the card or create one on-card? If you exported an existing key, du you have a copy/backup of your keyring? Second: Does the card report to be valid using gnupg command line (gpg --card-status)? Are you able to sign a message use CLI (echo test | gpg --clearsign | cat)? (The last command may not work 1:1 on Windows, use test files there.) Olav

Hi Dave, I am not aware of such functionality but happy to write some messages to get your setup tested. Please contact me using my firstnam at surname dot de, ideally already S/MIME signed. Olav