Nitrokey 3 gpg usage fails even though key is detected

Following behavior when trying to use a Nitrokey3 with gpg

% gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

Observations, cirumstances:

• Only one of my systems (Ubuntu noble) is affected. Other (Arch, another Ubuntu noble) work fine
• On the affected system a Nitrokey Pro works fine.
• ~/.gnupg/scdaemon.conf contains only the line disable-ccid.
• the file 41-nitrokey.rules from the libnitrokey-common package is in /lib/udev/rules and the rules are reloaded (reboot)
• The current nitrokeyapp works fine
• When the key is inserted the systemd messages "Reached smartcard.target - Smart Card.` do not occur.
• When trying gpg --card-status the following lines appear in the systemd logs

Aug 13 11:14:36 <hostname> gpg-agent[56998]: scdaemon[56998]: detected reader 'Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00'
Aug 13 11:14:36 <hostname> gpg-agent[56998]: scdaemon[56998]: pcsc_connect failed: sharing violation (0x8010000b)
Aug 13 11:14:36 <hostname> gpg-agent[56995]: DBG: handle_pincache_put: flushing cache '0//'

Any more ideas on how to debug this?

Thanks

This probably means that another application has exclusive access to the device. If you run gpg --card-status directly after boot without starting any other application, do you get the same error?

Thanks. That was the reason. I have a Citrix client installed on the affected system and the citrix-ctxcwalogd is grabbing the device right after it has been inserted. When I stop ctxcwalogd.service, gpg --card-status works

I now have to figure out how to prevent citrix-ctxcwalogd from grabbing the device.

One difference between the Nitrokey Pro and the Nitrokey 3 is that the Nitrokey 3 also implements the PIV protocol over the smartcard interface. So this could be a reason why Citrix access the Nitrokey 3 but not the Nitrokey Pro. If you don’t use PIV, you can try disabling it with nitropy nk3 set-config piv.disabled true.