Gpg Dongle Setup

💡 Record these PINs in a password manager. Losing the Admin PIN means you cannot change the card’s configuration.

(Homebrew):

Select destination slot (1=Sign, 2=Encrypt, 3=Authenticate). Repeat for each subkey.

Before starting, ensure you have a compatible device. The most popular choice is a YubiKey (specifically the 5 Series), but other options like Nitrokey or the Librem Key also work via the OpenPGP standard. gpg dongle setup

Create a revocation cert while you still have access:

Whether you’re a developer signing commits, a journalist encrypting sources, or just a privacy-conscious user, investing a few hours in pays back in peace of mind for years.

Edit ~/.gnupg/gpg-agent.conf :

# PC/SC driver pcsc-driver /usr/lib/libpcsclite.so # Disable CCID (for YubiKey) disable-ccid # Enable card removal notification card-timeout 5

New dongles may have a factory default PIN or a previously loaded key. Let’s wipe it clean.

Expected output shows:

When finished, the dongle will compute the key (takes 10-30 seconds). You’ll see:

If you already have a GPG key, you can move the subkeys to the card. gpg --edit-key your_email@example.com > keytocard Use code with caution. Copied to clipboard Step 4: Configure