2.2 migration for smartcard users

GPG Suite 2017.1 nightly migrates users to gpg 2.2. That migration has implications for smartcard users. In order to get you quickly back to working state, please go through this KB in it's entirety.

In case you are still on 2.0 please verify prior to updating that every key on your smartcard is working as expected. Please test signing, decrypting and signing another key with each of your secret keys on your smartcard.

Remove old installations of gpg

In case you have old versions of gpg running on your system, please remove them. That includes gpg 1.4.x, 2.0.x, gpgosx, gpg installed via homebrew or older 2.2 installations.

To remove old installations:

brew uninstall gpg
brew uninstall gpg1
brew uninstall gpg2

sudo rm -rf /usr/local/gnupg-2.1

sudo rm /opt/local/bin/gpg /opt/local/bin/gpg2 /opt/local/bin/gpg-agent
sudo rm /usr/local/bin/gpg /usr/local/bin/gpg2 /usr/local/bin/gpg-agent

Prepare for update (or if an update did not show all of your keys)

  1. create a backup of your .gnupg folder
  2. after verifying the backup folder has been created, open a new finder window
  3. press ⇧⌘G and paste ~/.gnupg to open your .gnupg folder
  4. remove the following files and folders (if they exist)
    • ~/.gnupg/private-keys-v1.d
    • ~/.gnupg/pubring.kbx
    • ~/.gnupg/.gpg-v21-migrated – this file is invisible, paste the following command into Terminal.app and execute with enter to remove it: rm ~/.gnupg/.gpg-v21-migrated

Then install GPG Suite with 2.2.

After the update: Re-create lost stubs

During the update key-stubs are lost. To re-create them after the 2.2 update

  1. open Terminal.app and connect your smartcard to your mac
  2. paste gpg --card-status into terminal and execute with enter
  3. repeat process for additional smartcards