Troubleshooting Issues with GPG

This article covers some of the issues you may experience when using GnuPG (GPG) with your YubiKey and possible solutions. 


Note: as of GPG 2.3 there is a regression that prevents GPG from identifying the YubiKey by name and setting "reader port Yubico YubiKey" is ignored. This has been reported to the GPG developers and the problem has been identified and fix has been pushed into the main tree. However this fix may take some time to make it to the release versions. as a workaround you can try adding disable-ccid to the scdaemon.conf. at this time we recommend not upgrading to GPG 2.3


GPG Does Not See the YubiKey

If you run gpg --card-status with the YubiKey plugged in and GPG does not detect the YubiKey, try the steps below.

  1. Your device does not support the OpenPGP applet. See the Applicable Products section above.

  2. Using YubiKey Manager, verify that your YubiKey has CCID enabled and the OpenPGP application installed. If CCID is disabled, you can use YubiKey Manager to enable it.

  3. Specify the smart card reader GPG uses by adding the line “reader-port Yubico Yubi” (without quotes) to the scdaemon.conf file; create the file if it does not exist. After making this change, reboot your computer to ensure it takes affect. 

    • On Windows the file is located at: %APPDATA%\gnupg\scdaemon.conf

    • On macOS and Linux it is at: ~/.gnupg/scdaemon.conf

    • On macOS or Linux, you may need to add "reader-port Yubico Yubikey" (with a lowercase K) instead of what is above if you are using a YubiKey 4 Series or NEO

Importing PGP Key to the YubiKey Fails

If you run keytocard under the gpg --card-edit feature and it fails, this usually indicates you are using a large key (4096bit) and an older version of GPG. For large keys you need to use GPG v2.0 or newer which you can verify by running gpg --version. On some systems, both GPG v1.x and GPG v2.x exist simultaneously and you need to access GPG v2 by running gpg2 instead of gpg.