Troubleshooting
No agent running error
gpg-agent can sometimes die in the background; just restart it.
gpg-agent --daemon
agent_genkey failed: permission denied
This is a security measure: the terminal you are using is not owned by you, so GPG has aborted instead of continuing. It frequently happens when running over SSH.
Set proper terminal ownership.
ls -la $(tty)
> crw-rw----. 1 otheruser tty 4, 1 Jan 19 18:47 /dev/pts/9
sudo chown {USER} /dev/pts/9
Yubikey Not Appearing
gpg-agent can lose the key if the daemon was restarted in the background or if the Yubikey is not seated properly.
# Re-insert the Yubikey, then run this command to verify the key returns data.
gpg --card-status
SSH connection failed, Server sent: publickey
The SSH public key was not provided or was not matched on the server.
- SSH public key is not loaded on the SSH server. Confirm your GPG public SSH key (see GPG Export Keys) is added to ~/.ssh/authorized_keys for the user you are attempting to log in with.
- GPG agent configuration is not reloaded. Ensure SSH and PuTTY support is set in the configuration, and that gpg-agent and gpg-connect-agent are both restarted. See Configure GPG Agent.
Please insert card with serial number
The original key used for authentication is not the key being used now.
GPG Agent caches the serial number of the card for the KeyStub used. The cached stub just needs to be removed.
# Show all keygrips in GPG; these will be used to match the cache in the private store.
gpg --with-keygrip --list-keys
# Identify the keygrip in private-keys-v1.d and delete it, or you can just remove
# all keys in that directory (that also deletes any private keys stored on disk
# rather than on a card).
rm %appdata%\gnupg\private-keys-v1.d\{KEY} # Windows.
rm ~/.gnupg/private-keys-v1.d/{KEY} # Linux.
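To remove only the cached card stubs and keep any private keys that live on disk, the cleanup above can be scripted as follows. This is an added example, not part of the original page; it assumes stub files contain the token `shadowed-private-key`, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): delete only smartcard key stubs
# from private-keys-v1.d, leaving private keys that live on disk untouched.
# Assumption: a stub file contains the token "shadowed-private-key"; on-disk
# keys contain "private-key" or "protected-private-key" instead.

is_card_stub() {
    grep -q 'shadowed-private-key' "$1"
}

# Print the path of every stub in directory $1, one per line.
list_card_stubs() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    for f in "$1"/*.key; do
        [ -f "$f" ] || continue      # glob matched nothing
        if is_card_stub "$f"; then printf '%s\n' "$f"; fi
    done
}

# Delete the stubs in directory $1 and print how many were removed.
remove_card_stubs() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    removed=0
    for f in "$1"/*.key; do
        [ -f "$f" ] || continue
        if is_card_stub "$f"; then
            rm -- "$f" && removed=$((removed + 1))
        fi
    done
    printf '%s\n' "$removed"
}

# Constructed sample directory (placeholder content, not real key material).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'Key: (shadowed-private-key (rsa (n #00#)))\n'  > "$d/AAAA.key"
    printf 'Key: (protected-private-key (rsa (n #00#)))\n' > "$d/BBBB.key"
    printf '%s\n' "$d"
}

# Demo on the sample directory; for real use pass
# "${GNUPGHOME:-$HOME/.gnupg}/private-keys-v1.d" instead.
sample=$(make_sample_dir)
list_card_stubs "$sample"      # lists only AAAA.key
remove_card_stubs "$sample"    # prints 1; BBBB.key is left in place
rm -r "$sample"
```

After the stubs are removed, running gpg --card-status with the current card inserted recreates the stubs for that card.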
Hard Reset Locked Yubikey Devices
This will wipe the device and unlock it for use again.
gpg-connect-agent --hex
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
