[Nitrokey Pro] Key gen on card results in general error

After generating keys on the card successfully a few times, it suddenly stopped working. Now I get “General Card Error” every time.

I have verified this behavior on Red Hat Enterprise Linux 7 and MacOS X 10.11.

I did a factory reset of the Nitrokey too but that didn’t help either.

Any hint?


That sounds wrong indeed. The most common issue is that GnuPG couldn’t access the device because Gnome-Keyring or some other tool is blocking the access. You can also try to execute “sudo gpg --card-status” which helps in case of wrong user permissions. If you still cannot access the device you should send it back to us.

I have a similar problem. I have successfully transferred my gpg key to the Nitrokey Pro. I have two sub keys, sign and encrypt. I am able to sign, encrypt and decrypt without any problems. I now want to add an authentication sub key. I kill gnome-keyring, then open 'gpg --edit-key ' and issue the command ‘addcardkey’. This command first gives this information:
gpg> addcardkey
gpg: detected reader `Crypto Stick Crypto Stick v1.4 (000034160000000000000000) 00 00’
gpg: reader slot 0: not connected
gpg: reader slot 0: active protocol: T1
gpg: slot 0: ATR=3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
gpg: AID: D2 76 00 01 24 01 02 01 00 05 00 00 34 16 00 00
gpg: Historical Bytes: 00 31 C5 73 C0 01 40 05 90 00
gpg: Version-2 …: yes
gpg: Get-Challenge …: yes (2048 bytes max)
gpg: Key-Import …: yes
gpg: Change-Force-PW1: yes
gpg: Private-DOs …: yes
gpg: Algo-Attr-Change: yes
gpg: SM-Support …: no
gpg: Max-Cert3-Len …: 2048
gpg: Max-Cmd-Data …: 2048
gpg: Max-Rsp-Data …: 2048
gpg: Cmd-Chaining …: no
gpg: Ext-Lc-Le …: yes
gpg: Status Indicator: 05
gpg: GnuPG-No-Sync …: no
gpg: GnuPG-Def-PW2 …: no
gpg: Key-Attr-sign …: RSA, n=2048, e=32, fmt=std
gpg: Key-Attr-encr …: RSA, n=2048, e=32, fmt=std
gpg: Key-Attr-auth …: RSA, n=2048, e=32, fmt=std
Signature key …: A820 56BC 3786 9058 0679 B23E 1A6E 3094 D4DD 137D
Encryption key…: BE95 128D 1E80 9936 EC6C F595 38E6 CA1A 2FB2 7956
Authentication key: [none]

Then it asks me which subkey I want to generate, I answer 3 for Authentication key. I’m then asked for Admin PIN, then PIN, and then which keysize I want, I answer that last one by accepting the default by pressing enter. I then get the following response:
Key is protected.
gpg: secret key parts are not available
gpg: Nøkkelgenerering mislyktes: generell feil (Key generation failed, general error)

Am I doing something wrong, or is it some HW error with my Nitrokey?

Knut H.

As so often, the solution is quite simple. I had to use gpg2 to start edit-key like this:
gpg2 --expert --edit-key

The addcardkey command then went smoothly.

Knut H.

Solution doesn’t apply to OP: generate key on device results in device error.

@NoiZtril For completeness: it is a general error message unfortunately. This time probably the cause is in GPG - see link.