alonbl / gnupg-pkcs11-scd

PKCS#11 GnuPG SCD
http://gnupg-pkcs11.sourceforge.net/

gpg --expert --full-generate-key fails to recognize card #53

Closed JustusW closed 4 months ago

JustusW commented 1 year ago

While trying to set up gpg to utilize the RSA signature certificate on the YubiKey, the setup in `gpg --expert --full-generate-key` works as expected until the last step, where it indefinitely prompts the user to insert the card with the same id shown in `gpg --card-status`. This is independent of whether a handle is provided for the option "existing key" or the option "existing key on card" is chosen. In the latter case all three keys on the card are correctly recognized and offered to choose, but no customization is permitted.

I'm unable to further debug this without assistance.

```
Justus.Wingert@dm-** ~ % cat .gnupg/gpg.conf
use-agent
Justus.Wingert@dm-** ~ % cat .gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200

enable-ssh-support

pinentry-program /usr/local/bin/pinentry
scdaemon-program /usr/local/bin/gnupg-pkcs11-scd
Justus.Wingert@dm-** ~ % cat .gnupg/gpg-pkcs11-scd.conf
providers pkcs11
provider-pkcs11-library /usr/local/lib/opensc-pkcs11.so

log-file ~/.gnupg/gnupg-pkcs11-scd.log
verbose
debug-all
Justus.Wingert@dm-** ~ %
```

alonbl commented 1 year ago

Hi,

There are known issues with the opensc yubikey implementation; please use the yubikey implementation[1]. Also make sure that you use the recent pkcs11-helper, as yubikey secondary authentication is supported only in recent versions.

Thanks,

[1] https://developers.yubico.com/yubico-piv-tool/YKCS11/