Gpg Dongle Setup May 2026

gpg --edit-key YOUR_KEYID gpg> keytocard Select destination slot (1=Sign, 2=Encrypt, 3=Authenticate). Repeat for each subkey. Extract the authentication key for SSH:

gpg --export-ssh-key YOUR_KEYID > ~/.ssh/id_rsa_gpg.pub Add to ~/.ssh/config :

sudo pacman -S gnupg pcsc-tools Plug in your dongle and check if the system sees it: gpg dongle setup

gpgconf --kill gpg-agent Set admin PIN, user PIN, and reset code (optional):

export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) Test SSH: gpg --edit-key YOUR_KEYID gpg&gt

enable-ssh-support Restart and add to shell profile ( ~/.bashrc or ~/.zshrc ):

gpg --card-status Expected output shows: keytocard Select destination slot (1=Sign

Host * IdentityFile ~/.ssh/id_rsa_gpg.pub IdentitiesOnly yes Enable SSH agent forwarding in ~/.gnupg/gpg-agent.conf :