app-openpgp: Can't configure card

Are there any issues with the openpgp card app after the last firmware update to the ledger nano s? I can generate passwords and sign documents with it, but I fail to even get a card-status update. Everytime I try I get a message like this:

DIEGOs-Mac-Pro:~ diego$ gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device
gpg: tarjeta OpenPGP no disponible: Operation not supported by device

About this issue

Original URL
State: closed
Created 6 years ago
Reactions: 7
Comments: 18 (1 by maintainers)

Most upvoted comments

Why is this closed? The problem seems to still exsit… I found now way to use my ledger nano X for OpenPGP on macOS.

JannikWempe on Feb 17, 2021

@cslashm bonjour, unfortunately even with the latest #01: org.debian.alioth.pcsclite.smartcardccid:1.4.32 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle) installed on mac os Catalina my ledger nano x is still undetectable as a smart card in OpenPGP app mode. When will we have a natural support for ledger smart card on mac os? it’s been three years and the issue is still not solved. Merci

bereska on Aug 11, 2020

You need to have the latest drivers for Ledger Nano S org.debian.alioth.pcsclite.smartcardccid:1.4.30

system_profiler SPSmartCardsDataType
SmartCards:

    Readers:

      #01: Ledger Nano S (ATR:<3b00>)

    Reader Drivers:

      #01: org.debian.alioth.pcsclite.smartcardccid:1.4.27 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
      #02: org.debian.alioth.pcsclite.smartcardccid:1.4.30 (/usr/local/libexec/SmartCardServices/drivers/ifd-ccid.bundle)

I made a tutorial for GPG tools, Ledger nano S and Mojave. Please follow the link below: https://github.com/savenas/docs/blob/master/gpg_ledger_mojave.md

savenas on Oct 7, 2018

@savenas your tutorial is unavailable any more? I am struggling to install 1.4.30 driver to my mac to detect Nano X as smart card

bereska on Jan 6, 2020

Issue still persists on macOS Big Sur 11.6.1 using GnuPG 2.2.32 (the latest version at the time of writing). I also have the correct driver org.debian.alioth.pcsclite.smartcardccid:1.4.32 and libusb 1.0.24 is installed and up to date according to brew.

Tried both a Nano S and Nano X and the OpenPGP and OpenPGP.XL apps. Firmware on both Ledgers is up to date as were the apps.

Just like everyone else I am still getting the same error no matter what when running commands from gpg, including after setting GNUPGHOME to the ~/.gnupg/ledger directory:

gpg --card-status
gpg: selecting card failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device

However… using the Python scripts I was able to successfully run:

ledger-gpg init “Name email@domain.tld” -e ed25519 -v

On my Nano X (although it crashed my Nano S, but it was able to create an RSA key for it, so maybe the S is not compatible with ECC?), and when I used the ~/.gnupg/ledger directory as GNUPGHOME running gpg -K listed only the new PGP key I just generated.

So it’s not fully unable to connect, something is working somewhere, the Ledger is just not able to connect to the gpg-agent so commands are not passed through gpg (gpg -K worked because it just reads the keychain db, and I changed the environment variable to point it at the Ledger one stored in my home folder, it still won’t interact with the Ledger).

I believe there is a config you can put into gpg.conf that lets you point it to a different agent, and if you point it to the path of ledger-gpg-agent that might fix it. I don’t want to risk losing my existing keychain though so I just undid all the changes and left it.

This has pushed me to look into Yubikey and similar devices though, if they have a functional USB interface instead of all this mess they certainly seem very useful for security. Shame I couldn’t use the device I already have though.

ftpmorph on Nov 10, 2021

Cool @savenas - Will try that out asap.

kaspersoerensen on Oct 9, 2018