YubiKey 5 Nano - the One I Use
I’m a long time fan of USB security keys for SSH access and signig GitHub commits, currently using YubiKey ones on both my laptop and desktop.
I did a semi-regular bulk upgrade of all the software packages managed on my desktop with Homebrew and then noticed a few days later that my YubiKey stopped working. It took me a few days to notice because I mostly worked on laptop (where things kept working) and also because my desktop has recently been upgraded - so I expected some instability.
After a few reboots, restarts of GnuPG daemon and even resintall of all the relevant packages using Brew, YubiKey was still not working.
Turns out it’s because GnuPG 2.3 and later releases (I’m using 2.3.1) stopped identifying YubiKey keys properly, and so CCID (it means Chip Card Interface Device protocol) way of accessing keys on the YubiKey device is not working.
Apparently, the way to fix this for now is to disable CCID, forcing GnuPG to use other means of accessing the same keys on the same YubiKey device - PC/SC (Personal Computer/Smart Card) interface.
Just add disable-ccid line to the ~/.gnupg/scdaemon.conf file. I didn’t even have the file, so had to create it.
As you know, ~ means “your current user’s home directory”, so in my case it’s /Users/greys:
Adding disable-ccid option to scdaemon.conf
After updating the file I killed the gnupg-agent:
… and restarted it again:
Listing SSH identities the first tiem resulted in scdaemon restart:
… but running the same command again finally showed my YubiKey card:
I expect this will be fixed in the future GnuPG releases, so please revisit this issue and possibly this page in the next few weeks for an update.