GPG Suite 2017.1 - GnuPG 2.0 -> GnuPG 2.2 Migration Help

With GPG Suite we have upgraded our version of GnuPG (MacGPG2) from GnuPG 2.0 to GnuPG 2.2.
Since the release a few issues have been reported which affect some of our users. Below you will find the issues that have been reported and potential solutions.

Since the upgrade, I'm asked for my secret key's passphrase, but I can't remember what it was

The good news is, your passphrase is still stored in macOS Keychain.
To access it, follow these steps:

  1. Open macOS Keychain Access (enter Keychain Access in Spotlight)
  2. Enter "GnuPG" in the search field
  3. Double-click on the resulting entry

Unfortunately GnuPG 2.2 has changed the format of how passphrase are stored in your macOS Keychain. As a consequence, you will have to re-enter your passphrase once for signing a message/file and once for decrypting a message/file. After that, you will not be asked for your passphrase again if you choose to store your passphrase in keychain.

I am missing a secret key

GnuPG 2.2 has introduced a new file format for storing your GnuPG keyring. When your first use GnuPG after updating to GPG Suite 2017.1, your old keyring will be converted to the new format.
In some cases the migration unfortunately doesn't complete. In that case, you can re-import missing secret keys with the following command:

gpg --import < ~/.gnupg/secring.gpg

If the missing secret key is stored on a smart card / USB token, please see the next section.
Should the secret key still be missing after this command and it's not stored on a smart card / USB token, please create a new discussion. Before converting your keys we have created a backup, they are not lost.

I am missing a secret key (smart card / USB token edition)

Unfortunately GnuPG 2.2 doesn't migrate your smart card key stubs, when migrating from GnuPG 2.0.
In order to re-create them, run the following command for each smart card:

gpg --card-status

My YubiKey does no longer work

Some users have reported that their YubiKeys are no longer working after updating to GPG Suite 2017.1, which is related to the new GnuPG 2.2.
In order to be able to use your YubiKey with GnuPG 2.2 again, please follow these steps:

  1. Download and install the YubiKey NEO Manager
  2. Plugin your YubiKey
  3. Start the YubiKey NEO Manager application
  4. Click on the "Change connection mode" button
  5. Deselect the "CCID" option if it's checked.
  6. Press OK and remove the YubiKey
  7. Plug the YubiKey back in
  8. Click on the "Change connection mode" button again
  9. Check the "CCID" option
  10. Press OK and remove the YubiKey
  11. Plug the YubiKey back in
  12. Close YubiKey NEO Manager

To verify that these steps worked, run gpg --card-status in Terminal and check if your key pair shows up.
You should now be able to use your YubiKey again just like before.

If you are still seeing issues after following these steps, there's something else which could help:

  1. Edit or create a file called scdaemon.conf in ~/.gnupg
  2. Add the following line:


  3. Save the file and kill scdaemon:
    killall scdaemon

  4. Run gpg --card-status again

If neither of these steps work, please open a support request