@colemickens We don't maintain any ccid udev rules in GnuPG. What do you refer?

To note, this is in contrast to my experience with gpg-2.2 (provided by gpg4win). With gpg-2.2, I was reliably using my Yubikey for a variety of things, and it handled hotplugging perfectly, as one would expect.

I have disabled this on Windows. Once "SCD DEVINFO --watch" works reliably on Windows, we can reenable the DeviceInfoWatcher on Windows.

Also let me know if there are any daemons I have to kill/restart when switching between GnuPG versions by changing the $PATH. Whenever I have problems with my YubiKey, I run gpgconf --kill gpg-agent, which I also executed when I switched from version 2.2.27 back to 2.3.1 but I have no idea whether this is required or sufficient.

Run gpg --debug ipc --card-status to quickly see the communication with the scdaemon.

Hi Ingo,

Can you help me, please?

@gniibe can you provide any commentary on why the gnupg ccid udev rule is so much smaller than the one debian maintains? Is the debian one considered authoritative these days?

The patch references the following bug:

Should be mostly done. What's missing is selection of groups in the approval dialog. Groups are not (yet) supported by the KeySelectionCombo.

when I insert: gpg --verify -v Bisq-64bit-1.6.2.exe.asc at the command line (at windows), I get the answer:
gpg: cannot open "Bisq-64bit-1.6.2.exe.asc": No such file or directory
gpg: verify signatures failed: No such file or directory

Please try to verify on the command line (cmd.exe):

Thanks @gniibe, that's very helpful advice and pointers. Very appreciated, cheers.

Thank you all for the help. I thought this was a bug with pinentry itself but appears to be dbus related based on the above command.

Perhaps, if a distro haven't offered setting of USB, it would be better to configure GnuPG build with --disable-ccid-driver and only support scdaemon with PC/SC. GPG for Windows does so.

1. It's a breaking change for system with both of PC/SC and CCID. T4673 due to T3300
   • If you configure with no libusb, users don't need 'disable-ccid' option.
2. I don't know how "wide".
3. In Debian, it is maintained here: https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/scdaemon.udev
4. Yes.

To set DISPLAY, dbus-update-activation-environment is your friend.

FYI, for me, on a machine with Debian GNU/Linux, I use Sway, it works fine with pinentry-gnome3.

Backported in rC3f48e3ea37ad: ecc: Check the input length for the point..

I have installed the Gnome keyring prompter and there seems to be a problem using the Wayland display

The curve is not defined to be used for ECDH (encryption); in fact it should in general only be used with the EdDSA
algorithm. You need to use "Key-Type: eddsa". Note that the EdDSA signing algorithm is different than the commonly used ECDSA signing algorithm.

Can you please port this also to 1.8?

Thanks for the quick response Werner. I knew I could use it with quick-gen-key and I’ve updated my config file to have it as default.
But, just for my understanding, is there a reason ed25519 cannot be used with full-gen-key and gen-key in batch mode?

You can't use ecdh with ed25519.

Hi, as a contributor to NixOS I'd also like some guidance. I'm testing the 2.3 upgrade ahead of 2.4, and it "breaks" Yubikey UX that I know many of us use. This might be because we appear to not yet install gnupg's CCID udev rules installed. A few questions: