So, I updated my NK3A and tried to keytocard my GPG key. First try I could not decrypt anything, so I deleted my key completely from the NK3A and via gpg. After reimporting and transferring it to the key, I got decrypting working, but I often have to unplug and replug the key. This is the case for using GPG as well for ssh keys using ssh-add -K.
Anyone else has this “have you tried turning it off and on again” behaviour with their key?
Hi! Thank you for the report.
Are you using an AN (NFC) or AM (Mini) device?
When you need to unplug the device, is the led of the device active?
I have the NFC version. The LED is behaving like the “normal” successful process (s. attached picture) but way shorter (I would say 0.5-1 second) and gpg is telling me that the decryption failed. If gpp --decrypt... is successful, the process takes about 3 seconds. I observe this behaviour after every boot. Once unplugged and plugged in again, decrypting is working.
EDIT: Funnily enough, rebooting results to red LED when unlocking a LUKS partition now. I have to wait for the timeout and emergency mode (systemd) and then unlocking of the partition is working. That wasn’t a thing before the update. Powering off and booting again is working without a problem.
EDIT2: Forget the error message:
gpg: public key decryption failed: Card error
gpg: decryption failed: No secret key
EDIT3: It’s getting wild:
After a fresh boot:
ssh-add -K works; gpg --decrypt does notgpg --decrypt works but after that ssh-add -Kdoes not and the red LED lights upssh-add -Kworks and after that decrypting does notBasically, whatever I do first after unplugging the key disables the 2nd functionality (except for the first time after a fresh boot. Only adding resident ssh key is working).