I am following the instruction for installation of keys using Linux (openSUSE Tumbleweed) using the instructions for creating and then transferring the keys to the card. When I run the gpg instruction I get
gpg> keytocard
Really move the primary key? (y/N) y
gpg: selecting openpgp failed: No such device
gpg: key operation not possible: No such device
gpg>
The device is mounted on my system so what am I doing wrong please?
It looks like the device is not recognized by GnuPG. This is independent of the storage functionality (so mounting the device is not important here). There can be different reasons for GnuPG to not detect the device. Did you follow the instructions on https://nitrokey.com/start? Did you install other programs that may use the Nitrokey like OpenSC or alike? Sometimes these programs block the card exclusively. Sometimes you just need to unplug and reinsert the devices so that GnuPG can try to detect it once again.
Well, to be honest I often do not see the problem. I only had problems when using OpenSC before using GnuPG. In this case I unplug and reinsert the device. I never had the problem, that OpenSC uses the device by its own. I would suggest preventing this behavior of using the card without interaction of the user instead of trying to kill scdaemon all the time.
The ArchLinux wiki provides some hints on how to prevent the problems involving pcscd. But I do not fully understand or know how/if you can apply these tips to other distros. I have my doubts.
With configuration as in the linked guide, it works as you have described. Let me paste it here.
By default, scdaemon will try to connect directly to the device. This connection will fail if the reader is being used by another process. For example: the pcscd daemon used by OpenSC. To cope with this situation we should use the same underlying driver as opensc so they can work well together. In order to point scdaemon to use pcscd you should remove reader-port from ~/.gnupg/scdaemon.conf , specify the location to libpcsclite.so library and disable ccid so we make sure that we use pcscd:
# edit ~/.gnupg/scdaemon.conf file too look like this:
pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
disable-ccid
@Budgie2 Can you follow this guide and check? The full guide is here - some hints.
I am not sure yet. At first, I would want to know if this is actually applicable to all (or at least most) distributions and versions. I try to find out more about it these days.
Did not quite worked on my side unfortunately (Fedora 29), so I have reverted the config changes. The default setup seems to be more stable, even when it requires manual kill. Will look into this further, when time permits - perhaps only some fine-tuning is needed.