"gpg --card-edit" with multiple card readers (Yubikey)

Juanjo villapla+gnupg-users at uji.es
Fri Jul 7 14:22:46 CEST 2023


On Fri, Jul 7, 2023 at 1:12 PM Werner Koch <wk at gnupg.org> wrote:
>
> On Fri,  7 Jul 2023 11:19, Juanjo said:
>
> > I'm using "gpg (GnuPG) 2.3.3" on AlmaLinux 9 and it works fine with a
> > single "YubiKey 5 USB (5.4.3) [CCID]".
>
> You should get a recent version.  Even Fedora comes with 2.4.0.

OK, I will try to recompile gnupg RPM from Fedora sources.

> > So, is there a way to select a specific Yubikey for the "gpg --card-edit"
> > command?
>
> GnuPG 2.3 and later supports several readers and thus the reader-port
> option of scdaemon is not really useful anymore.  Please have a look at
> gpg-card [1], this new tool will eventually replace gpg --card-edit but
> it is different because it supports all kinds of cards.  There is even a
> yubikey control command.  It depends on what you actually want to do.

I will take a look at gpg-card.

Our setup is very simple, we disabled all NFC Applications on the
Yubikey and also disabled all USB applications except OPENPGP.

Then we generate a PGP certificate on Yubikey and use it to access our
servers via SSH (by using the ability of gpg-agent to act as
ssh-agent).
This works fine with a single Yubikey, but we wanted to have more than
one connected at the same time in order to batch-configure them and
even to try to use multiple SSH key authentication in specific target
servers.

> Shalom-Salam,
>
>    Werner

Thanks for your fast response, Werner.

Regards,
Juanjo

> [1] https://gnupg.org/documentation/manuals/gnupg24/gpg-card.1.html
>
> --
> The pioneers of a warless world are the youth that
> refuse military service.             - A. Einstein


