New dongles may have a factory default PIN or a previously loaded key. Let’s wipe it clean.
Before you begin the technical steps, you need the right tools and a strategy.
Change them immediately:
Edit ~/.gnupg/scdaemon.conf :
💡 Record these PINs in a password manager. Losing the Admin PIN means you cannot change the card’s configuration. gpg dongle setup
Restart and add to shell profile ( ~/.bashrc or ~/.zshrc ):
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) New dongles may have a factory default PIN
| Problem | Likely Fix | |---------|-------------| | No card found | Restart pcscd : sudo systemctl restart pcscd | | PIN retry exceeded | Card is locked forever. Buy a new dongle. | | Bad PIN despite correct one | Check numlock, also try gpg --card-edit → verify | | YubiKey not detected on macOS | Install brew install libusb , then ykman openpgp info | | SSH fails with signing failed: agent refused | Add enable-ssh-support to ~/.gnupg/gpg-agent.conf and restart agent |
# PC/SC driver pcsc-driver /usr/lib/libpcsclite.so # Disable CCID (for YubiKey) disable-ccid # Enable card removal notification card-timeout 5 Change them immediately: Edit ~/