YubiKey Not Working with GnuPG 2.3
YubiKey 5 Nano - the One I Use
I’m a long time fan of USB security keys for SSH access and signing GitHub commits, currently using YubiKey ones on both my laptop and desktop.
I did a semi-regular bulk upgrade of all the software packages managed on my desktop with Homebrew and then noticed a few days later that my YubiKey stopped working. It took me a few days to notice because I mostly worked on my laptop (where things kept working) and also because my desktop has recently been upgraded - so I expected some instability.
After a few reboots, restarts of the GnuPG daemon and even a reinstall of all the relevant packages using Brew, the YubiKey was still not working.
Turns out it’s because GnuPG 2.3 and later releases (I’m using 2.3.1) stopped identifying YubiKey keys properly, and so the CCID (Chip Card Interface Device protocol) way of accessing keys on the YubiKey device is not working.
Apparently, the way to fix this for now is to disable CCID, forcing GnuPG to use other means of accessing the same keys on the same YubiKey device - PC/SC (Personal Computer/Smart Card) interface.
Just add the disable-ccid line to the ~/.gnupg/scdaemon.conf file. I didn’t even have the file, so I had to create it.
As you know, ~ means “your current user’s home directory”, so in my case it’s /Users/greys:
Adding disable-ccid option to scdaemon.conf
After updating the file I killed the gnupg-agent:
… and restarted it again:
Listing SSH identities the first time resulted in an scdaemon restart:
… but running the same command again finally showed my YubiKey card:
I expect this will be fixed in future GnuPG releases, so please revisit this issue and possibly this page in the next few weeks for an update.
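The workaround above as a repeatable script, added here as an example and not the author's own commands. The helper names ensure_disable_ccid and restart_and_check are hypothetical, and the gpgconf, gpg --card-status and ssh-add calls are this example's choice for the restart and the check.

```shell
#!/bin/sh
# Added example (not the author's commands): apply the disable-ccid workaround
# idempotently. Helper names are hypothetical.

# Ensure <dir>/scdaemon.conf has an active "disable-ccid" line.
# Prints "added" or "unchanged".
ensure_disable_ccid() {
    dir=$1
    conf="$dir/scdaemon.conf"
    # GnuPG warns about loose permissions, so create the directory private.
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir" && chmod 700 "$dir" || return 1
    fi
    # A commented-out "# disable-ccid" does not count as active.
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*disable-ccid[[:space:]]*$' "$conf"; then
        echo unchanged
        return 0
    fi
    # Do not glue the option onto an existing last line without a newline.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf" || return 1
    fi
    printf 'disable-ccid\n' >> "$conf" || return 1
    chmod 600 "$conf"
    echo added
}

# Restart the daemons so scdaemon rereads its config, then look for the card.
restart_and_check() {
    gpgconf --kill scdaemon
    gpgconf --kill gpg-agent
    gpgconf --launch gpg-agent
    # The first query may only restart scdaemon, so try a few times.
    for attempt in 1 2 3; do
        if gpg --card-status >/dev/null 2>&1; then
            ssh-add -L    # assumes SSH_AUTH_SOCK points at gpg-agent
            return 0
        fi
        sleep 1
    done
    echo "card still not visible through PC/SC" >&2
    return 1
}

# Touch the real configuration only when called with --apply.
if [ "${1:-}" = "--apply" ]; then
    ensure_disable_ccid "${GNUPGHOME:-$HOME/.gnupg}" && restart_and_check
fi
```

Running it a second time leaves scdaemon.conf untouched, so it is safe to keep in a dotfiles setup until the option can be removed again.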