Troubleshooting

No agent running error

gpg-agent can sometimes die in the background, just restart it.

gpg-agent --daemon

agent_genkey failed: permission denied

Security measure; this means that the terminal you are using is not owned by you and therefore GPG has aborted instead of continuing. Frequently happens if running over SSH.

Set proper terminal ownership.
$ ls -la $(tty)

crw-rw----. 1 otheruser tty 4, 1 Jan 19 18:47 /dev/pts/9

$ sudo chown {USER} /dev/pts/9

Yubikey Not Appearing

gpg-agent can lose the key if the daemon was restarted in the background or if the Yubikey is not seated properly.

Re-insert the Yubikey, then run command to verify key returns data.
gpg --card-status

SSH connection failed, Server sent: publickey

SSH public key not provided or was not matched on the server.

  1. SSH public key is not loaded on the SSH server. Confirm your GPG public SSH key (see Export GPG Keys) is added to ~/.ssh/authorized_keys for the user you are attempting to login with.

  2. GPG agent configuration is not reloaded. Ensure SSH and Putty support in configuration is set, gpg-agent, and gpg-connect-agent are both restarted. See: Restart GPG Agent and Connect Agent to apply configuration changes (powershell)..

Please insert card with serial number

../../_images/pinentry-wrong-key.png

Occurs because the original key used for authentication is not the key being used now. GPG Agent caches the serial number of the card for the KeyStub used. This just needs to be removed.

Show all keygrips in GPG, these will be used to match cache in private store.
gpg --with-keygrip --list-keys

Identify keygrip in private-keys-v1.d and delete it, or you can just remove all keys in that directory.

Note

Windows Location: %appdata%\gnupg\private-keys-v1.d\

Linux Location: ~/.gnupg/private-keys-v1.d