tag:gpgtools.tenderapp.com,2011-11-04:/discussions/feedback/16266-signing-with-a-yubikey-fails-until-i-run-gpg-card-statusGPGTools: Discussion 2021-05-29T10:41:28Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/489179222020-12-20T17:05:45Z2020-12-20T17:05:48ZSigning with a Yubikey fails until I run `gpg --card-status`<div><p><strong>Which of our tools is giving you problems?</strong> GPG services (probably)</p>
<p><strong>Attach a screenshot of the version info for all installed components (how to: <a href="https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info-of-the-installed-tools">https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...</a>):</strong></p>
<p><strong>Describe your problem. Add as much detail as possible.</strong> I set up my Yubikey to hold my encryption, signing, authentication subkeys. The public key is stored in GPG Keychain. When I first insert the Yubikey and then try to sign a file from the service menu it fails, until I run <code>gpg --card-status</code>, after which I can sign successfully until I unplug/re-plug the Yubikey.</p>
<p>I think I'm not the only one with this problem (see first answer): <a href="https://security.stackexchange.com/questions/196429/gnupg-public-key-decryption-failed-invalid-id-using-yubikey-smartcard">https://security.stackexchange.com/questions/196429/gnupg-public-ke...</a></p>
<p><strong>What did you expect instead</strong> I expect the signing to always work without the <code>gpg --card-status</code> hack</p>
<p><strong>Describe steps leading to the problem.</strong> Plug in a Yubikey with a signing key, try to sign anything, watch it fail. Run <code>gpg --card-status</code>, try to sign a file again and it will work until the key is unplugged. Rinse and repeat.</p>
<p><strong>Are you using any other Mail.app plugins?</strong> No</p></div>Marcotag:gpgtools.tenderapp.com,2011-11-04:Comment/489179222020-12-21T11:21:53Z2020-12-21T11:21:53ZSigning with a Yubikey fails until I run `gpg --card-status`<div><p>Hi Marco,</p>
<p>thank you for taking the time to report this problem. We apologize for the bad experience.</p>
<p>This issue is likely related to a regression introduced in GnuPG 2.2.24 which should be <a href="https://dev.gnupg.org/T5065">fixed in 2.2.25</a>.</p>
<p>Could you please download and install our <a href="https://releases.gpgtools.org/nightlies/">latest hotfix GPG Suite</a> and see if that solves your problem.</p>
<p>All the best,<br>
Steve</p>
<p>Disclaimer: Hotfixes are GPG Suite builds containing our latest source code, so bugs and crashes may occur.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/489179222020-12-21T22:35:24Z2020-12-21T22:35:26ZSigning with a Yubikey fails until I run `gpg --card-status`<div><p>Yes, the nightly version does indeed fix the problem!</p></div>Marcotag:gpgtools.tenderapp.com,2011-11-04:Comment/489179222020-12-22T17:13:57Z2020-12-22T17:13:57ZSigning with a Yubikey fails until I run `gpg --card-status`<div><p>Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.</p>
<p>Best,<br>
Steve</p></div>Steve