GPGTools fails to find yubikey

paddogg's Avatar


05 Oct, 2021 08:07 PM

I try to setup a YubiKey 5C NFC together with GPGTools so that the private keys are stored on the Yubikey and the public key is available via http.

I follow the steps as described by Using Your YubiKey with OpenPGP. But when I try to to sign and encrypt a file I get the GPGTools dialog with the text: Please insert the card with serial number: 0006 17****** (Redacted last 6 digits).

When I run gpg2 --card-status I see the following:

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D******** REDACTED *************
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 17******
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : http://localhost:9090/0087D47A.asc
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: B588 E314 EF64 BE34 6136  000B DCD2 E6A7 0087 D47A
      created ....: 2021-10-05 17:55:18
Encryption key....: 6FEC 210C 85E4 9092 11DC  EC61 7DE7 2626 D621 596A
      created ....: 2021-10-05 17:55:18
Authentication key: 7AB0 39D2 E7A3 5712 5ABA  B1DE C209 4CF5 EAE0 A60D
      created ....: 2021-10-05 19:33:33
General key info..: pub  rsa4096/DCD2E6A70087D47A 2021-10-05 test (test) <[email blocked]>
sec>  rsa4096/DCD2E6A70087D47A  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb>  rsa4096/7DE72626D621596A  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb>  rsa4096/C2094CF5EAE0A60D  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb   rsa4096/6876C0B303D80E89  created: 2021-10-05  expires: never

For some reason the keys are references by card-no: 0006 17****** which has the additional prefix 0006.

Could you please help me why GPGTools cannot find the Yubikey although it is connected?

gpg2 --version
gpg (GnuPG/MacGPG2) 2.2.27
libgcrypt 1.8.7
  1. Support Staff 1 Posted by Luke Le on 13 Oct, 2021 09:42 PM

    Luke Le's Avatar


    this is quite curious indeed.
    Could you try to sign a message using the following command and post its output?

    echo "Test" | gpg -sau DCD2E6A70087D47A --status-fd 1


  2. 2 Posted by paddogg on 16 Oct, 2021 10:17 AM

    paddogg's Avatar

    Hi Luke,
    When I dug a little deeper, I saw a mixed keyring setup of GnuPG < 2.1 and newer versions. I have now fully migrated to *.kbx and delete the legacy files.

    And as of now, I got it working. I am not sure what the issue was, but exporting all keys and importing them into a clean environment fixed it.


  3. Support Staff 3 Posted by Steve on 19 Oct, 2021 07:07 PM

    Steve's Avatar


    thanks for the update. This is great news!

    Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.


  4. Steve closed this discussion on 19 Oct, 2021 07:07 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac