Page MenuHome GnuPG

scdaemon will throw "app_decipher failed" if "gpg --card-status" not issued beforehand
Closed, ResolvedPublic


I use a Yubikey NEO to store gpg keys, and have been doing decryption commands (i.e. pass show) directly so gpg-agent presents me the pinentry and after the PIN is entered decryption works fine.

Unfortunately those decryption commands can't be entered directly anymore, the pin entry will not be shown, decryption will fail and scdaemon log will show an app_decipher failed invalid id error.

I can only get a pinentry screen if I first enter a gpg --card-status command. This way, decryption commands will work for as long as the cache is set.

I'm unsure if this started to happen after a software update or after an update I did on the key expiration date.

I have pcsclite installed and scdaemon.conf has a disable-ccid directive to use it. It seems to be working fine by running pcsc_scan.

Kind regards.


gnupg 2.2.24-1 on Arch Linux

Event Timeline

werner claimed this task.
werner added a project: Duplicate.
werner added a subscriber: werner.

See the release info over at T5052 which notes the problem. See T5140 for details and update to 2.2.25.