Hello,
I have set up split gpg2 as per the documentation, but the client qube is not able to sign.
I am on Qubes 4.3, with sys-gui. Here is what I have done so far:
In dom0:
$ sudo qubes-dom0-update split-gpg2-dom0
$ echo "qubes.Gpg2 + gpg-client @default ask target=gpg-server" >> /etc/qubes/policy.d/30-user-gpg2.policy
$ echo "qubes.Gpg2 + @anyvm @anyvm deny" >> /etc/qubes/policy.d/30-user-gpg2.policy
$ qvm-service --enable gpg-client split-gpg2-client
^ Above, I also tried with a more permissive policy in 30-user-gpg2.policy, but it still won’t work.
In split-gpg-template (template for both client and server):
$ sudo apt install split-gpg2 -y
I imported the private key in gpg-server, as well as the public key in gpg-client.
I also set up this policy in the gpg-server, in /home/user/.config/qubes-split-gpg2/qubes-split-gpg2.conf
[DEFAULT]
autoaccept = no
verbose_notifications = yes
allow_keygen = no
[client:gpg-client]
autoaccept = 90
verbose_notifications = yes
allow_keygen = no
When I run $ gpg -k or $ gpg -K in gpg-client, everything works fine, but when I try to sign:
~$ gpg --clearsign file
gpg: signing failed: No secret key
gpg: file: clear-sign failed: No secret key
I have been debugging for four hours at this point and any help is appreciated.
Before, I used to use split-gpg (old version), but I need some functionality from split-gpg2.