December 7, 2016

Smart card with GPG

My smart card is a YubiKey 4. You can follow this post; the author writes very well, but some details are not provided, so I just summarize the steps here with some details:

Linux (Ubuntu)

There are some system-specific issues here; if you don’t use Ubuntu, you may be fine :)

  1. Install gnupg2 via apt-get; don’t compile it yourself.
  2. Generate your keys in a very safe way; you can follow this link
  3. Move the key to the smart card
  4. follow

The key point is to disable gnome-keyring for ssh and gpg, and to enable gpg-agent for gpg and ssh. The oh-my-zsh plugin solution works well for me; you can try it.
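
One way to make the gnome-keyring to gpg-agent switch described above, as an added shell example that is not from the original post or from the oh-my-zsh plugin. The function names are hypothetical, and the autostart file names and socket paths are assumed Ubuntu defaults.

```shell
# Added example; function names are hypothetical, paths are assumed Ubuntu defaults.

# Append "enable-ssh-support" to gpg-agent.conf exactly once (idempotent).
enable_agent_ssh_support() {
    gnupg_home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    conf="$gnupg_home/gpg-agent.conf"
    mkdir -p "$gnupg_home" && chmod 700 "$gnupg_home"
    grep -qx 'enable-ssh-support' "$conf" 2>/dev/null ||
        printf '%s\n' 'enable-ssh-support' >> "$conf"
}

# Shadow a gnome-keyring autostart entry with a per-user copy marked Hidden=true.
hide_keyring_component() {
    component=$1
    src="${2:-/etc/xdg/autostart}/gnome-keyring-$component.desktop"
    dst_dir=${3:-$HOME/.config/autostart}
    [ -f "$src" ] || return 0   # component not shipped here, nothing to disable
    mkdir -p "$dst_dir"
    { grep -v '^Hidden=' "$src" || true; echo 'Hidden=true'; } \
        > "$dst_dir/gnome-keyring-$component.desktop"
}

# Report which agent owns a given SSH_AUTH_SOCK path.
classify_ssh_sock() {
    case "$1" in
        */S.gpg-agent.ssh) echo gpg-agent ;;
        */keyring/ssh|*/keyring-*/ssh) echo gnome-keyring ;;
        '') echo unset ;;
        *) echo other ;;
    esac
}

# Point this shell's ssh at gpg-agent and print which agent is now in use.
use_gpg_agent_for_ssh() {
    if tty -s; then GPG_TTY=$(tty); export GPG_TTY; fi
    sock=$(gpgconf --list-dirs agent-ssh-socket 2>/dev/null) || sock=
    case "$sock" in
        */S.gpg-agent.ssh) ;;
        *) sock="${GNUPGHOME:-$HOME/.gnupg}/S.gpg-agent.ssh" ;;  # older gpgconf
    esac
    export SSH_AUTH_SOCK="$sock"
    gpgconf --launch gpg-agent 2>/dev/null || true
    classify_ssh_sock "$SSH_AUTH_SOCK"
}

# One-time setup: enable_agent_ssh_support; hide_keyring_component ssh; hide_keyring_component gpg
# In ~/.zshrc or ~/.bashrc: use_gpg_agent_for_ssh >/dev/null
```

Log out and back in after the one-time setup so the desktop session starts without the gnome-keyring ssh and gpg components.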


Similar to Windows

  1. Download GPG Suite
  2. Open GPG Keychain
  3. Import your key from keyserver or other places
  4. Open Terminal and run: gpg --card-status
  5. Insert your smart card
  6. Quit GPG Keychain and start it again; you will find your imported key and your private key

Windows 10

The last step is very important.

  1. Download the latest GPG4Win from
  2. Open the installed GPG4Win (aka Kleopatra)
  3. Import your public key from a keyserver, from other places, or in another format (e.g. a public key file or keybase)
  4. Insert your smart card
  5. Open cmd and run: gpg --card-status. If it works, it will display your smart card info, and Kleopatra will then pick up your private key. You can then change your imported key to be trusted ultimately.

PS: Sometimes you may get a Broken pipe error. Just terminate the GPG private key daemon and the GPG smart card daemon, and try again.

