GPGTools fails to find yubikey
I try to setup a YubiKey 5C NFC together with GPGTools so that the private keys are stored on the Yubikey and the public key is available via http.
I follow the steps as described by Using Your YubiKey with OpenPGP. But when I try to to sign and encrypt a file I get the GPGTools dialog with the text: Please insert the card with serial number: 0006 17****** (Redacted last 6 digits).
When I run
gpg2 --card-status I see the following:
Reader ...........: Yubico YubiKey OTP FIDO CCID Application ID ...: D******** REDACTED ************* Application type .: OpenPGP Version ..........: 3.4 Manufacturer .....: Yubico Serial number ....: 17****** Name of cardholder: [not set] Language prefs ...: [not set] Salutation .......: URL of public key : http://localhost:9090/0087D47A.asc Login data .......: [not set] Signature PIN ....: not forced Key attributes ...: rsa4096 rsa4096 rsa4096 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 0 3 Signature counter : 0 KDF setting ......: off Signature key ....: B588 E314 EF64 BE34 6136 000B DCD2 E6A7 0087 D47A created ....: 2021-10-05 17:55:18 Encryption key....: 6FEC 210C 85E4 9092 11DC EC61 7DE7 2626 D621 596A created ....: 2021-10-05 17:55:18 Authentication key: 7AB0 39D2 E7A3 5712 5ABA B1DE C209 4CF5 EAE0 A60D created ....: 2021-10-05 19:33:33 General key info..: pub rsa4096/DCD2E6A70087D47A 2021-10-05 test (test) <[email blocked]> sec> rsa4096/DCD2E6A70087D47A created: 2021-10-05 expires: never card-no: 0006 17****** ssb> rsa4096/7DE72626D621596A created: 2021-10-05 expires: never card-no: 0006 17****** ssb> rsa4096/C2094CF5EAE0A60D created: 2021-10-05 expires: never card-no: 0006 17****** ssb rsa4096/6876C0B303D80E89 created: 2021-10-05 expires: never
For some reason the keys are references by
card-no: 0006 17****** which has the additional prefix
Could you please help me why GPGTools cannot find the Yubikey although it is connected?
gpg2 --version gpg (GnuPG/MacGPG2) 2.2.27 libgcrypt 1.8.7
Comments are currently closed for this discussion. You can start a new one.
|?||Show this help|
|ESC||Blurs the current field|
|r||Focus the comment reply box|
|^ + ↩||Submit the comment|
You can use
Command ⌘ instead of
Control ^ on Mac
Support Staff 1 Posted by Luke Le on 13 Oct, 2021 09:42 PM
this is quite curious indeed.
Could you try to sign a message using the following command and post its output?
2 Posted by paddogg on 16 Oct, 2021 10:17 AM
When I dug a little deeper, I saw a mixed keyring setup of GnuPG < 2.1 and newer versions. I have now fully migrated to *.kbx and delete the legacy files.
And as of now, I got it working. I am not sure what the issue was, but exporting all keys and importing them into a clean environment fixed it.
Support Staff 3 Posted by Steve on 19 Oct, 2021 07:07 PM
thanks for the update. This is great news!
Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Steve closed this discussion on 19 Oct, 2021 07:07 PM.