PSA: YubiKey PGP smart card reader in Linux


Up until now, I've been storing passkeys in my Bitwarden (Vaultwarden) instance. I like them, so I bought a YubiKey.

PGP Smart Card

In essence, you can keep your PGP key on your YubiKey and sign/encrypt stuff with it. It's a nice way to use your key on multiple devices. The Arch Wiki has a nice guide about it.

After generating new PGP keys and storing them in my YubiKey, I was having trouble using the smart card feature. My YubiKey wasn't consistently detected by gpg: running gpg --card-status would throw out an error saying there weren't any smart cards detected.

Solution

Turns out that YubiKeys have 2 CCID smartcard applications, PIV and OpenPGP, but only one can be active at a time. For some reason, the YubiKey was constantly switching to PIV mode, which made gpg fail to detect the smart card. The solution was to disable the PIV application in the settings of gpg:

    # ~/.gnupg/scdaemon.conf
    pcsc-driver /usr/lib/libpcsclite.so
    disable-ccid
    pcsc-shared
    # the important line:
    disable-application piv

I had to create this scdaemon.conf file, as it didn't exist for me.
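The script below is an added example, not part of the original post: it appends the `disable-application piv` line only if it is not already active, creating the file if needed. The function names and the `--apply` switch are made up for illustration, and the `gpgconf --kill scdaemon` restart step is an assumption that the post does not mention.

```sh
#!/bin/sh
# Added example (not from the original post): idempotently enable the
# "disable-application piv" setting in scdaemon.conf.

# Print the active (non-comment, non-empty) lines of a config file with
# surrounding whitespace stripped and inner whitespace collapsed.
active_options() {
    [ -f "$1" ] || return 0
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g' -e '/^#/d' -e '/^$/d' "$1"
}

# ensure_option FILE "option [arg]"
# Appends the line unless it is already active. A commented-out copy does not
# count. Prints "present" or "added".
ensure_option() {
    if active_options "$1" | grep -Fxq -- "$2"; then
        echo present
        return 0
    fi
    # If the file ends without a newline, add one so the new option
    # does not get glued onto the last existing line.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1"
    fi
    printf '%s\n' "$2" >> "$1"
    echo added
}

# Apply the setting to the real config, restart scdaemon so the new
# setting takes effect (gpg starts it again on demand), then check the card.
apply_piv_fix() {
    conf="${GNUPGHOME:-$HOME/.gnupg}/scdaemon.conf"
    mkdir -p -m 700 "$(dirname "$conf")"
    ensure_option "$conf" "disable-application piv"
    gpgconf --kill scdaemon
    gpg --card-status
}

# Only touch the real configuration when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_piv_fix
fi
```

Running it twice leaves a single `disable-application piv` line in the file, so it is safe to keep in a dotfiles setup script.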

Conclusion

To be honest, this problem seems to stem from me not understanding everything that is going on, but it was hard for me to find the solution anywhere. Maybe this post saves someone some time.

Stay safe :P