(Nitrokey 3 - macOS)
Here you will find a collection of common issues.
If the Nitrokey is not detected, proceed as follows:
Copy this file 41-nitrokey.rules to
Restart udev via
sudo service udev restart.
Currently there seems to be a bug we hope to fix soon which affects the Nitrokey 3 working with some Google and Microsoft Services per FIDO2.
There is a bug with the Nitrokey being recognized by the system, where a timeout occurs before the connection succeeds.
Please make sure FIDO2 is working correctly. Otherwise NFC won’t work either.
Also check if you are using the right spot on your smartphone. Find the right spot using: nfc.fail.
The backside of the Nitrokey has to be held against the smartphone. For the USB-A version it might be helpful to lift the side with the USB connector slightly to reduce the distance to the end part of the stick.
If you have a phone cover, try to find the right spot first without it. Retry afterwards with the cover.
The search of the optimal spot sometimes took up to 20-30 sec. In our experience holding the Nitrokey in an horizontal orientation yields better results.If you still encounter issues please write a mail to our support. For optimal help please include the shipping/order number and your smartphone model.
Problem: GnuPG cannot access the Nitrokey 3 and shows an error message like this:
$ gpg --card-status gpg: selecting openpgp failed: No such device gpg: OpenPGP card not available: No such device
There are two common smartcard services on Linux systems:
scdaemon, GnuPG’s smartcard daemon, and
pcscd, a generic smartcard daemon.
scdaemon has two drivers for accessing smartcards:
ccid driver tries to directly access the smartcard.
pcsc drivers uses the
pcscd daemon instead.
A smartcard can only be accessed directly by one daemon.
This means that depending on the startup order,
pcscd might lock the card before
scdaemon tries to access it using the internal
Therefore we recommend to use the
pcscd driver for
You can activate it by adding
disable-ccid to the
~/.gnupg/scdaemon.conf config file and restarting
scdaemon, for example with
gpg-connect-agent "SCD KILLSCD" /bye.
If this does not fix the problem, see the next section for more information.
Alternatively, you can deactivate or uninstall
pcscd to avoid this conflict.
An application using
pcscd does not show the Nitrokey 3.
First, make sure that
scdaemon is not running (see the previous section):
$ gpg-connect-agent "SCD KILLSCD" /bye
Now list the smartcards recognized by
You should see an entry like this one:
$ pcsc_scan -r Using reader plug'n play mechanism Scanning present readers.. 0: Nitrokey 3 [CCID/ICCD Interface] 00 00
If the Nitrokey 3 shows up, it is recognized correctly by
pcscd and there might be an issue with the application that tries to access it.
If it does not show up, make sure that your
libccid version is up to date.
Support for the Nitrokey 3 was added in
If you cannot update
libccid to a supported version, you have to manually update the device database.
The path of the database depends on your distribution:
Arch, Debian, Ubuntu:
Make sure to backup the file before overwriting it.
You can download an updated device database file from the
After updating the file, restart
pcscd and run
pcsc_scan -r again.
The Nitrokey 3 should now show up.
Currently the web updater doesn’t support the Nitrokey 3. However you can get the latest firmware using these instructions.