Hey folks!
Today I received my brand new Nitrokey Pro 2 and started setup immediately. I am on Windows 10 Pro.
Unfortunately it only half worked.
I installed the Nitrokey App v 1.4.0 in advance and it recognized the Nitrokey successfully - I was able to change user PIN and admin PIN. So far so good.
I then tried to transfer my PGP key to the stick. As described in the HowTo, I used the command ‘keytocard’ which resulted in the following message:
gpg> keytocard
Really move the primary key? (y/N) y
gpg: selecting card failed: No such device
gpg: key operation not possible: No such device
I then tried to execute ‘certutil -scinfo’ and got the following output:
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 2
0: Microsoft IFD 0
1: Nitrokey Nitrokey Pro 0
--- Reader: Microsoft IFD 0
--- Status: SCARD_STATE_EMPTY
--- Status: No card.
--- Card:
--- Reader: Nitrokey Nitrokey Pro 0
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Status: The card is available for use.
--- Card: OpenPGP card v3.x
--- ATR:
3b da 18 ff 81 b1 fe 75 1f 03 00 31 f5 73 c0 01 ;…u…1.s…
60 00 90 00 1c `…
=======================================================
Analyzing card in reader: Microsoft IFD 0
=======================================================
Analyzing card in reader: Nitrokey Nitrokey Pro 0
OpenSC CSP: Missing stored keyset
Microsoft Smart Card Key Storage Provider: Missing stored keyset
--------------===========================--------------
CertUtil: -SCInfo command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
CertUtil: Keyset does not exist
I tried reinstalling GnuPG (newest version 3.1.14), installing OpenSC; nothing worked.
In the end I even opened GPA, where the card manager says ‘Error accessing the card’…
Googling a bit, I found similar issues that were resolved by disabling second smartcards (I only have one) or using the Windows standard driver (which I use; in Device Manager it shows one entry under ‘smart card readers’: Microsoft Usbccid Smartcard Reader (WUDF)).
So I am stuck now and hope any of you guys can help me.
Thanks in advance!
Thanks for your quick reply.
Tried that (had to open an elevated prompt for this) and the service stopped successfully.
Unfortunately the issue persists.
‘gpg --card-status’ shows this output on elevated prompt
C:\Windows\system32>gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
as well as on user prompt
C:\Users\Haui>gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
I did some more troubleshooting, maybe this information helps to pinpoint the issue.
I uninstalled all software (all minidrivers, OpenSC, OpenPGP, GPG4Win) and did a clean restart.
Then I reinstalled GPG4Win and tried again. The output of certutil is now a bit different, I guess because I uninstalled OpenSC:
Analyzing card in reader: Nitrokey Nitrokey Pro 0
SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
Cannot retrieve Provider Name for SCardGetCardTypeProviderName: The system cannot find the file specified. 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
Cannot retrieve Provider Name for
--------------===========================--------------
CertUtil: -SCInfo command FAILED: 0x2 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.
OK, I then tried to insert my smartcard for work (used for certificate auth for a web application). certutil shows the same output, so this seems to be OK, because another ‘gpg --card-status’ immediately recognized this card:
C:\Users\Haui>gpg --card-status
Reader ...........: Identiv SCR3500 C Contact Reader 0
Application ID ...: 021028103607134A
Application type .: PKCS#15
So I think the main issue is that the Nitrokey Pro 2 is not recognized by gpg because everything else (e.g. Password manager) works as expected. Hope this helps… very much appreciated
New day, new luck.
I finally figured it out by myself.
What I did (in case you have the same issue):
I enabled smartcard logging in Kleopatra (4 - verbose) and specified a log file.
After connecting the Nitrokey I saw the following lines:
I came to the conclusion that somehow the Microsoft SC (which is in fact not present) and the Nitrokey get in conflict. I copied the reader name ‘Nitrokey Nitrokey Pro 0’ and pasted it into the field ‘Connect to reader at port n’ under Kleopatra settings > GnuPG systems.
After removing and inserting the Nitrokey again, everything worked instantly…
So, long story short: I transferred my PGP keys seconds ago. Weekend saved!
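The Kleopatra field used in the fix above sets scdaemon's `reader-port` option. As an added example (not part of the original posts), this Python script parses the reader/card status section of `certutil -scinfo`, picks the one reader that holds an OpenPGP card, and prints the matching `scdaemon.conf` line. The function names are made up for the example, and the sample text is retyped from the output quoted in the thread.

```python
import re

# Constructed sample: reader/card status lines as quoted in the thread above.
SAMPLE = """\
Readers: 2
0: Microsoft IFD 0
1: Nitrokey Nitrokey Pro 0
--- Reader: Microsoft IFD 0
--- Status: SCARD_STATE_EMPTY
--- Status: No card.
--- Card:
--- Reader: Nitrokey Nitrokey Pro 0
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Status: The card is available for use.
--- Card: OpenPGP card v3.x
"""

# Accept "---" as well as a typographic dash left behind by copy/paste.
FIELD = re.compile(r"^[-\u2014]+\s*(Reader|Status|Card):\s*(.*)$")

def parse_readers(text):
    """Return one dict per reader: name, set of SCARD_STATE flags, card name."""
    readers = []
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Reader":
            readers.append({"name": value, "flags": set(), "card": ""})
        elif not readers:
            continue  # field line before any reader header: ignore
        elif key == "Status" and value.startswith("SCARD_STATE_"):
            readers[-1]["flags"] = {f.strip() for f in value.split("|")}
        elif key == "Card":
            readers[-1]["card"] = value
    return readers

def openpgp_reader(text):
    """Name of the single reader holding an OpenPGP card; raise otherwise."""
    hits = [r["name"] for r in parse_readers(text)
            if "SCARD_STATE_PRESENT" in r["flags"] and "openpgp" in r["card"].lower()]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one OpenPGP card, found {len(hits)}")
    return hits[0]

def scdaemon_line(text):
    """The scdaemon.conf line that pins GnuPG's scdaemon to that reader."""
    return "reader-port " + openpgp_reader(text)

if __name__ == "__main__":
    print(scdaemon_line(SAMPLE))
```

The printed line goes into `scdaemon.conf` in the GnuPG home directory; run `gpgconf --kill scdaemon` afterwards so the setting is picked up.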