Problems with USB access to Omnikey 4321

Peter Lebbing peter at
Sun May 15 18:51:44 CEST 2016

On 15/05/16 18:36, Peter Lebbing wrote:
> At this point, I'd really like to know which version of GnuPG you're using. And
> if you're using GnuPG 1.4, do you have 2.x installed? Could you easily install
> 2.1 if you don't have a 2.x installed already?

On reflection, the difference in behaviour is in the scdaemon, not in the gpg
binary which talks to the agent. I don't recommend you use the gpg program from
GnuPG 1.4, but do it all with GnuPG 2.x, but it's not that which causes the
difference from how it goes here.

The difference is that your gpg --card-status does a "scd serialno openpgp",
unlike your "scd serialno". But for me, "scd serialno openpgp" also tries the
SELECT MF first.

By far the easiest way to factory reset an OpenPGP card is with GnuPG v2.1's
command factory-reset from --card-edit.

The thing is, there are cards where the two commands involved where accidentally
switched around. This keeps on confusing me, I still can't say which card needs
which order of reset commands to work.

You could try to do what you're doing with "scd serialno openpgp" instead of
"scd serialno", to see if it works then. But it's odd this is needed. The "scd
serialno undefined" you can also find is probably unneeded at this point because
that's for cards where the OpenPGP application is in "Terminated" state or
something like that, and your OpenPGP application is still responsive when you
do --card-status.

Which instructions are you trying to follow?



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list