You’ll see that @George had the exact same problem here with stored keys: “Shared Key between GnuPG and WebCrypt”.
I don’t get the WebCrypt issue he mentions in the thread but you confirm you made some changes to WebCrypt that fixed that problem so that’s most likely why. He confirms the same issue all the way through the thread:
And that the same problem exists for both ProtonMail loaded key and GPG loaded keys. The error is thrown “gpg: error reading key: No secret key”.
Goes on to say:
Using generated keys works, which is what I have confirmed. In Stored Key Mode it looks like it’s not connecting to the OnlyKey before trying to list the PK, which makes complete sense as to why there is “no secret key” error.
The conclusion here was that it’s not reproducible and that maybe it’s because he’s using QubesOS:
Yet it seems he confirmed it on Debian and Fedora as per his reply earlier (which I’ve re-quoted above), and I’ve also confirmed it on Ubuntu.
Also for completeness:
I’ve used a Trezor on QubesOS and can confirm that works fine as long as you pass through to the USB VM correctly, for the record. He’s also confirmed generated keys worked on QubesOS so you’d expect Stored Keys would too.
In conclusion, I think this is a bug. Looks like the keys are loaded fine which I’ve confirmed using WebCrypt. It seems the problem lies in not being able to read the PK properly. I see in your examples you’re using the Trezor build rather than the OnlyKey one - maybe this is the problem?
– BVS