Page MenuHome GnuPG

gnupg 2.3.7 broke YubiKey support: DBG: Curve with OID not supported: 2b06010401da470f01
Closed, ResolvedPublic

Description

I recently had to downgrade gnupg to 2.3.6 after an update because it stopped working with my YubiKey:

Aug 31 11:45:58 gpg-agent[40089]: scdaemon[40089]: detected reader 'Yubico YubiKey OTP+FIDO+CCID 00 00'
Aug 31 11:45:58 gpg-agent[40089]: scdaemon[40089]: DBG: Curve with OID not supported:  2b06010401da470f01
Aug 31 11:45:58 gpg-agent[40089]: scdaemon[40089]: no supported card application found: Card error

2b06010401da470f01 seems to be an OID for Ed25519 curve.

this is my config:

nazarewk@nazarewk-krul ~ % cat ~/.gnupg/scdaemon.conf 
pcsc-shared
# disable-ccid to make YubiKey work
# - https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG
# - https://dev.gnupg.org/T5451
disable-ccid

# PIN caching fix
# - https://github.com/drduh/YubiKey-Guide/issues/135
# - https://dev.gnupg.org/T3362
# fix from https://dev.gnupg.org/T5436#148656
disable-application piv
nazarewk@nazarewk-krul ~ % cat ~/.gnupg/gpg-agent.conf
pinentry-program /nix/store/0y1vlxssvxv4j3q922n8mjwayihvqyh9-pinentry/bin/pinentry

https://github.com/nazarewk-iac/nix-configs/blob/9085c484440ac4c381b09758f10bbc83f24bdb63/modules/hardware/yubikey/default.nix#L16-L28

Details

Version
2.3.7