Some questions about working with different versions of GnuPG and the fsfe's card on subkeys doc [UPDATED]]

stebe at stebe at
Tue Feb 16 14:17:41 CET 2016

UPDATE (see below)

stebe at
> stebe at
>> stebe at
> [...]
> [...]
>> I have problems getting GnuPG v.2.0.19 to work with the Nitrokey Pro USB
>> Smart Card (reader is integrated into device). After importing the
>> pubkey and connecting the Smart Card I performed these steps:
>> #Gnome Keyring already being disabled, being installed the following
>> packages: opensc, pcscd, libccid, Nitrokey udev rules installed, having
>> performed a udevd stop and restart, and added required strings to
>> /etc/libccid_Info.plist :
> [...]
>> I checked the Nitrokey support docs, their FAQ, in addition to (1) and
>> (2) the gpg manpages and the gnupg info manual. Is there anyone that
>> has/had similar problems? What else can I check for troubleshooting?
>> In fact, the device is being recognized using gpg but I'd like to use it
>> with gpg2.
> [...]
> It has turned out that my off-line FAQ copy did not include a section
> that must have been added recently, detailing the package versions of
> the required components. This may be one/the reason for gpg2 not being
> able to connect to the Nitrokey. I detail it below so that other users
> might benefit from it.
> GnuPG 2.0.18 or newer. We recommend the 2.0 main version. 2.1 is still a
> bit unstable.
> OpenSC 0.15 is not sufficient and you would need its nightly builds or
> compile it from their git repository.
> libccid 1.4.22
> being the last two requirements those that are not met by my system's
> configuration.

Without any intention of bothering you, I want to add the following to
be precise and provide useful information:
On debian-wheezy scdaemon is not being installed along with gnupg
2.0.19, but only with gpgsm, so I didn't even have the scdaemon
installed, - and, in fact, gpg complained about that: no card daemon!!

I'll now have another problem I have noticed when reading Neal's comment
on (1)

Also, gpg 1.4 and gpg 2.0 can’t merge secret keys (this limitation has
been removed in gpg 2.1). As such, if you try to reimport your secret
keys, it won’t work. Instead, you have to delete the secret key database
and then reimport.

As the card was recognized by gpg1 and sub key stubs had been recreated
in secring.gpg, having the whole thing configured again, this time using
gpg2, will force me to delete secring.gpg beforehand. (if I understand
things correctly)




More information about the Gnupg-users mailing list