I have set the udev rules and followed the Fedora specific instructions, but I just can’t understand why gpg is not finding the NitroKey.
gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
The NitroKey is good, I have another Fedora computer and it works just fine.
Any troubleshooting ideas would be greatly appreciated. I am at this for a while and my head hurts.
Hello,
It might be the udev rules: Setting up The udev Rules - Nitrokey Documentation
Thank you for the reply.
Following a GitHub udev troubleshoot, I have:
nitropy nk3 reboot --bootloader =>
Sep 23 10:36:39 Iskra kernel: hid-generic 0003:20A0:42DD.000D: hiddev98,hidraw5: USB HID v1.00 Device [NXP SEMICONDUCTOR INC. USB COMPOSITE DEVICE] on usb-0000:00:14.0-1/input0
udevadm info --query=path /dev/hidraw5 =>
/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:42DD.000D/hidraw/hidraw5
udevadm test /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:42DD.000D/hidraw/hidraw5 =>
This program is for debugging only, it does not run any program
specified by a RUN key. It may show incorrect results, because
some values may be different, or not available at a simulation run.
Trying to open "/etc/systemd/hwdb/hwdb.bin"...
Trying to open "/etc/udev/hwdb.bin"...
=== trie on-disk ===
tool version: 257
file size: 13750479 bytes
header size 80 bytes
strings 2774599 bytes
nodes 10975800 bytes
Loading kernel module index.
Loaded 'libkmod.so.2' via dlopen()
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Using default interface naming scheme 'v257'.
Parsed configuration file "/usr/lib/systemd/network/99-default.link"
Parsed configuration file "/usr/lib/systemd/network/98-default-mac-none.link"
Parsed configuration file "/usr/lib/systemd/network/80-vm-vt.link"
Parsed configuration file "/usr/lib/systemd/network/80-namespace-ns.link"
Parsed configuration file "/usr/lib/systemd/network/80-container-vz.link"
Parsed configuration file "/usr/lib/systemd/network/80-container-ve.link"
Parsed configuration file "/usr/lib/systemd/network/80-container-vb.link"
Parsed configuration file "/usr/lib/systemd/network/80-6rd-tunnel.link"
Created link configuration context.
Reading rules file: /usr/lib/udev/rules.d/01-md-raid-creating.rules
Reading rules file: /usr/lib/udev/rules.d/10-dm.rules
Reading rules file: /usr/lib/udev/rules.d/10-nvidia.rules
Reading rules file: /usr/lib/udev/rules.d/11-dm-lvm.rules
Reading rules file: /usr/lib/udev/rules.d/11-dm-parts.rules
Reading rules file: /usr/lib/udev/rules.d/13-dm-disk.rules
Reading rules file: /usr/lib/udev/rules.d/39-usbmuxd.rules
Reading rules file: /usr/lib/udev/rules.d/40-libgphoto2.rules
Reading rules file: /usr/lib/udev/rules.d/40-usb-media-players.rules
Reading rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules
Reading rules file: /etc/udev/rules.d/41-nitrokey.rules
Reading rules file: /usr/lib/udev/rules.d/50-udev-default.rules
Reading rules file: /usr/lib/udev/rules.d/51-dlm.rules
Reading rules file: /usr/lib/udev/rules.d/51-ocfs2.rules
Reading rules file: /usr/lib/udev/rules.d/56-hpmud.rules
Reading rules file: /usr/lib/udev/rules.d/60-autosuspend.rules
Reading rules file: /usr/lib/udev/rules.d/60-block-scheduler.rules
Reading rules file: /usr/lib/udev/rules.d/60-block.rules
Reading rules file: /usr/lib/udev/rules.d/60-cdrom_id.rules
Reading rules file: /usr/lib/udev/rules.d/60-ddcutil-i2c.rules
Reading rules file: /usr/lib/udev/rules.d/60-dmi-id.rules
Reading rules file: /usr/lib/udev/rules.d/60-drm.rules
Reading rules file: /usr/lib/udev/rules.d/60-evdev.rules
Reading rules file: /usr/lib/udev/rules.d/60-fido-id.rules
Reading rules file: /usr/lib/udev/rules.d/60-infiniband.rules
Reading rules file: /usr/lib/udev/rules.d/60-input-id.rules
Reading rules file: /usr/lib/udev/rules.d/60-libjaylink.rules
Failed to open /usr/lib/udev/rules.d/60-nfs.rules, ignoring: Permission denied
Failed to read rules file /usr/lib/udev/rules.d/60-nfs.rules, ignoring: Permission denied
Reading rules file: /usr/lib/udev/rules.d/60-persistent-alsa.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-input.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage-mtd.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage-tape.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-storage.rules
Reading rules file: /usr/lib/udev/rules.d/60-persistent-v4l.rules
Reading rules file: /usr/lib/udev/rules.d/60-sensor.rules
Reading rules file: /usr/lib/udev/rules.d/60-serial.rules
Reading rules file: /usr/lib/udev/rules.d/60-steam-input.rules
Reading rules file: /usr/lib/udev/rules.d/60-steam-vr.rules
Reading rules file: /usr/lib/udev/rules.d/60-tpm-udev.rules
Reading rules file: /usr/lib/udev/rules.d/60-upower-battery.rules
Reading rules file: /usr/lib/udev/rules.d/60-vboxguest.rules
Reading rules file: /usr/lib/udev/rules.d/60_flashrom.rules
Reading rules file: /usr/lib/udev/rules.d/61-kde-bluetooth-rfkill.rules
Reading rules file: /usr/lib/udev/rules.d/63-md-raid-arrays.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs-dm.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs-zoned.rules
Reading rules file: /usr/lib/udev/rules.d/64-btrfs.rules
Reading rules file: /usr/lib/udev/rules.d/64-ext4.rules
Reading rules file: /usr/lib/udev/rules.d/64-md-raid-assembly.rules
Reading rules file: /usr/lib/udev/rules.d/65-libwacom.rules
Reading rules file: /usr/lib/udev/rules.d/65-persistent-net-nbft.rules
Reading rules file: /usr/lib/udev/rules.d/65-sane-backends.rules
Reading rules file: /usr/lib/udev/rules.d/66-kpartx.rules
Reading rules file: /usr/lib/udev/rules.d/68-del-part-nodes.rules
Reading rules file: /usr/lib/udev/rules.d/69-cd-sensors.rules
Reading rules file: /usr/lib/udev/rules.d/69-dm-lvm.rules
Reading rules file: /usr/lib/udev/rules.d/69-libftdi.rules
Reading rules file: /usr/lib/udev/rules.d/69-libmtp.rules
Reading rules file: /usr/lib/udev/rules.d/69-md-clustered-confirm-device.rules
Reading rules file: /usr/lib/udev/rules.d/70-camera.rules
Reading rules file: /usr/lib/udev/rules.d/70-hypervfcopy.rules
Reading rules file: /usr/lib/udev/rules.d/70-hypervkvp.rules
Reading rules file: /usr/lib/udev/rules.d/70-hypervvss.rules
Reading rules file: /usr/lib/udev/rules.d/70-joystick.rules
Reading rules file: /usr/lib/udev/rules.d/70-libcamera.rules
Reading rules file: /usr/lib/udev/rules.d/70-libfprint-2.rules
Reading rules file: /usr/lib/udev/rules.d/70-memory.rules
Reading rules file: /usr/lib/udev/rules.d/70-mouse.rules
Reading rules file: /usr/lib/udev/rules.d/70-nvmf-autoconnect.rules
Reading rules file: /usr/lib/udev/rules.d/70-nvmf-keys.rules
Reading rules file: /usr/lib/udev/rules.d/70-power-switch.rules
Reading rules file: /usr/lib/udev/rules.d/70-printers.rules
Reading rules file: /usr/lib/udev/rules.d/70-spice-vdagentd.rules
Reading rules file: /usr/lib/udev/rules.d/70-spice-webdavd.rules
Reading rules file: /usr/lib/udev/rules.d/70-touchpad.rules
Reading rules file: /usr/lib/udev/rules.d/70-uaccess.rules
Reading rules file: /usr/lib/udev/rules.d/71-ipp-usb.rules
Reading rules file: /usr/lib/udev/rules.d/71-nvmf-hpe.rules
Reading rules file: /usr/lib/udev/rules.d/71-nvmf-netapp.rules
Reading rules file: /usr/lib/udev/rules.d/71-nvmf-vastdata.rules
Reading rules file: /usr/lib/udev/rules.d/71-prefixdevname.rules
Reading rules file: /usr/lib/udev/rules.d/71-seat.rules
Reading rules file: /usr/lib/udev/rules.d/73-seat-late.rules
Reading rules file: /usr/lib/udev/rules.d/75-net-description.rules
Reading rules file: /usr/lib/udev/rules.d/75-probe_mtd.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-broadmobi-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-cinterion-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-dell-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-dlink-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-ericsson-mbm.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-fibocom-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-foxconn-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-gosuncn-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-haier-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-huawei-net-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-linktop-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-longcheer-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-mtk-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-nokia-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-qcom-soc.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-quectel-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-sierra.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-simtech-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-telit-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-tplink-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-ublox-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-x22x-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/77-mm-zte-port-types.rules
Reading rules file: /usr/lib/udev/rules.d/78-sound-card.rules
Reading rules file: /usr/lib/udev/rules.d/80-drivers.rules
Reading rules file: /usr/lib/udev/rules.d/80-iio-sensor-proxy.rules
Reading rules file: /usr/lib/udev/rules.d/80-libinput-device-groups.rules
Reading rules file: /usr/lib/udev/rules.d/80-mm-candidate.rules
Reading rules file: /usr/lib/udev/rules.d/80-net-setup-link.rules
Reading rules file: /usr/lib/udev/rules.d/80-nvidia-pm.rules
Reading rules file: /usr/lib/udev/rules.d/80-pktsetup.rules
Reading rules file: /usr/lib/udev/rules.d/80-udisks2.rules
Reading rules file: /usr/lib/udev/rules.d/81-net-dhcp.rules
Reading rules file: /usr/lib/udev/rules.d/84-nm-drivers.rules
Reading rules file: /usr/lib/udev/rules.d/85-nm-unmanaged.rules
Reading rules file: /usr/lib/udev/rules.d/85-regulatory.rules
Reading rules file: /usr/lib/udev/rules.d/90-alsa-restore.rules
Reading rules file: /usr/lib/udev/rules.d/90-bolt.rules
Reading rules file: /usr/lib/udev/rules.d/90-iocost.rules
Reading rules file: /usr/lib/udev/rules.d/90-libinput-fuzz-override.rules
Reading rules file: /usr/lib/udev/rules.d/90-nm-thunderbolt.rules
Reading rules file: /usr/lib/udev/rules.d/90-pipewire-alsa.rules
Reading rules file: /usr/lib/udev/rules.d/90-vconsole.rules
Reading rules file: /usr/lib/udev/rules.d/91-drm-modeset.rules
Reading rules file: /usr/lib/udev/rules.d/95-cd-devices.rules
Reading rules file: /usr/lib/udev/rules.d/95-dm-notify.rules
Reading rules file: /usr/lib/udev/rules.d/95-upower-hid.rules
Reading rules file: /usr/lib/udev/rules.d/95-upower-wup.rules
Reading rules file: /usr/lib/udev/rules.d/98-kexec.rules
Reading rules file: /usr/lib/udev/rules.d/99-nfs.rules
Reading rules file: /usr/lib/udev/rules.d/99-qemu-guest-agent.rules
Reading rules file: /usr/lib/udev/rules.d/99-systemd.rules
Reading rules file: /usr/lib/udev/rules.d/99-vmware-scsi-udev.rules
sd-device: Failed to chase symlinks in "/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:42DD.000D/hidraw/hidraw5".
hidraw5: /usr/lib/udev/rules.d/50-udev-default.rules:17 Importing properties from results of builtin command 'hwdb'
hidraw5: hwdb modalias key: "hid:b0003g0001v000020A0p000042DD"
hidraw5: hwdb modalias key: "usb:v20A0p42DDd0300dc00dsc00dp00ic03isc00ip00in00"
hidraw5: /usr/lib/udev/rules.d/60-fido-id.rules:5 Importing properties from results of 'fido_id'
hidraw5: Starting 'fido_id'
Successfully forked off '(spawn)' as PID 25067.
Skipping PR_SET_MM, as we don't have privileges.
hidraw5: 'fido_id'(err) 'Failed to get current device from environment: Invalid argument'
hidraw5: Process 'fido_id' failed with exit code 1.
hidraw5: /usr/lib/udev/rules.d/60-fido-id.rules:5 Command "fido_id" returned 1 (error), ignoring
hidraw5: /usr/lib/udev/rules.d/71-seat.rules:75 Importing properties from results of builtin command 'path_id'
hidraw5: /usr/lib/udev/rules.d/73-seat-late.rules:16 RUN 'uaccess'
Properties:
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:20A0:42DD.000D/hidraw/hidraw5
DEVNAME=/dev/hidraw5
MAJOR=242
MINOR=5
ACTION=add
SUBSYSTEM=hidraw
TAGS=:uaccess:seat:
CURRENT_TAGS=:seat:uaccess:
ID_VENDOR_FROM_DATABASE=Clay Logic
ID_MODEL_FROM_DATABASE=Nitrokey 3A NFC Bootloader/3C NFC Bootloader
ID_PATH_WITH_USB_REVISION=pci-0000:00:14.0-usbv2-0:1:1.0
ID_PATH=pci-0000:00:14.0-usb-0:1:1.0
ID_PATH_TAG=pci-0000_00_14_0-usb-0_1_1_0
ID_FOR_SEAT=hidraw-pci-0000_00_14_0-usb-0_1_1_0
USEC_INITIALIZED=41408062345
ID_PROCESSING=1
Tags:
uaccess
seat
Inotify watch:
disabled
Queued commands:
RUN{builtin} : uaccess
Unload kernel module index.
Unloaded link configuration context.
Why are you following this GitHub issue from 2022 ?
You just need to install the udev rules as explained in the documentation and then try again to do the GPG command to see if it’s fixed.
additionally do you have pcscd installed ?
The NitroKey documentation for setting up the udev rules has a link to that old GitHub comment for getting some debugging hints.
The udev rules are installed, you can see in the udevadm test:
[...]
Reading rules file: /usr/lib/udev/rules.d/40-usb_modeswitch.rules
Reading rules file: /etc/udev/rules.d/41-nitrokey.rules
Reading rules file: /usr/lib/udev/rules.d/50-udev-default.rules
[...]
additionally do you have pcscd installed ?
Yep, it looks to be installed and working.
cocolino@Iskra:~$ systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2025-09-25 15:50:24 BST; 49min ago
Invocation: 5dbc6ab390d34432a450bc8f9fea2114
TriggeredBy: ● pcscd.socket
Docs: man:pcscd(8)
Main PID: 25331 (pcscd)
Tasks: 9 (limit: 38000)
Memory: 1.8M (peak: 3.2M)
CPU: 467ms
CGroup: /system.slice/pcscd.service
└─25331 /usr/bin/pcscd --foreground --auto-exit
Sep 25 15:50:24 Iskra systemd[1]: Started pcscd.service - PC/SC Smart Card Daemon.
But gpg --card-status still returns:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
Hello, still no progress on this. If anyone has an idea of what I could try let me know.
I am following the Fedora guide for setting up PGP with the NitroKey.
=> NitroKey firmware version: 1.8.2
=> lsusb reports: Bus 001 Device 011: ID 20a0:42b2 Clay Logic Nitrokey 3A Mini/3A NFC/3C NFC
=> pcsc-lite is installed and running
=> I have run the command: systemctl enable pcscd.socket pcscd.service && systemctl start pcscd.socket
=> I have connected libpcsclite to pcscd and shared access to `pcscd`, I have cat ~/.gnupg/scdaemon.conf:
pcsc-driver /usr/lib64/libpcsclite.so.1
pcsc-shared
=> gpg –card-status reports that no card is found.
P.S. Links to docs [dot] nitrokey [dot] com are not allowed? o.O What? Why? I wanted to show what guide I am following.
P.S.S. My post was flagged as spam by “the community“. What did I do wrong…?