NK3 public key cannot be exported

I used my NK3 in the past about a year ago. It contains signature, encryption and authentication keys.

Now, I am trying to set NK3 up on a new Fedora 44 computer.

gpg2 --card-status shows correct card details. pcsc_scan -r also successfully sees NK3.

Problem is I cannot export public key from the card.

Whenever I run gpg2 --armor --export it always shows gpg: WARNING: nothing exported

I tried passing in NK3 “Serial number”, “Application ID”, “Signature key” (40 character long fingerprint). Nothing has ever been exported.

I tried gpgsm --learn-card - NK3 blinked but gpg2 -k still returns nothing.

I also tried using Card Manager in GPA but it was never able to see the NK3.

In case it is relevant, firmware version is 1.5.0

Version 1.8.3 is recent with 1.9.0 looming. So you may consider to update the firmware.

Do you think it will resolve the issue without losing the keys?

I use the key to encrypt some important information and really hoping to be able to decrypt it.
If there is even a small risk of data loss, I would rather export the key first, decrypt the data and then update the firmware.

No one will give you a 100% error free guarantee. Never work with encryption keys without a unencrypted backup of your worthy data.

You may get the results you expected on an older system. Your firmware version is about 4years old, some things are evolving.

In case you created the GPG key to device, you cannot restore a public key from the data that gets exposed by the Nitro key. Unfortunately, the public key gets derived onetime during creation based on the asymmetric secret material that never leaves the token. So a full backup includes the saved public key that gets created together with the private key. Without that, you can still use the GPG key for ssh but not for receiving GPG encrypted messages.