I recently started to use Token2 "T2F2-PIN+ Release3 TypeC" keys to store SSH keys and use them for (T)OTP and U2F/FIDO2.

But GnuPG did not work out of the box on my Arch Linux notebook.

The initial situation looked like this:

$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

As my Yubikeys worked as expected I assumed no general setup issue.

By disabling pcscd (which I enabled for the Yubikeys) and removing disable-ccid from the scdaemon config I could access the Token2 using GnuPG.

After some investigation I found out the Token2 is not listed in /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist.

As soon as I added the VendorId and ProductId to /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist I could re-enable pcscd and add disable-ccid to the scdaemon config.
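A check for the situation described above, as an added example that is not part of the original post: it parses the CCID driver's Info.plist, reports whether a given vendor/product ID pair is listed, and rejects a file whose three parallel arrays no longer line up after a hand edit. The key names ifdVendorID, ifdProductID and ifdFriendlyName are assumed from libccid's Info.plist layout; the IDs and names in the sample are constructed placeholders.

```python
import plistlib
import sys

# Constructed sample in the assumed layout of libccid's Info.plist: three
# parallel arrays where index i describes one reader. All values are placeholders.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>ifdVendorID</key>
    <array><string>0x1111</string><string>0x2222</string></array>
    <key>ifdProductID</key>
    <array><string>0x0001</string><string>0x00AB</string></array>
    <key>ifdFriendlyName</key>
    <array><string>Example Reader A</string><string>Example Token B</string></array>
</dict>
</plist>
"""

KEYS = ("ifdVendorID", "ifdProductID", "ifdFriendlyName")

def load_readers(plist_bytes):
    """Return [(vid, pid, name)]; raise ValueError if the arrays are misaligned."""
    info = plistlib.loads(plist_bytes)
    vids, pids, names = (info[k] for k in KEYS)
    if not len(vids) == len(pids) == len(names):
        raise ValueError(f"array lengths differ: {len(vids)}/{len(pids)}/{len(names)}")
    return [(int(v, 16), int(p, 16), n) for v, p, n in zip(vids, pids, names)]

def find_reader(readers, vid, pid):
    """Return the friendly name listed for vid:pid, or None if it is not listed."""
    for v, p, n in readers:
        if (v, p) == (vid, pid):
            return n
    return None

if __name__ == "__main__":
    # Usage: script.py <Info.plist> <vid-hex> <pid-hex>; no arguments runs the sample.
    if len(sys.argv) == 4:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        vid, pid = int(sys.argv[2], 16), int(sys.argv[3], 16)
    else:
        data, vid, pid = SAMPLE_PLIST, 0x2222, 0x00AB
    name = find_reader(load_readers(data), vid, pid)
    print(f"{vid:04x}:{pid:04x} ->", name or "not listed by the CCID driver")
    sys.exit(0 if name else 1)
```

Running it again after a ccid package upgrade shows whether a hand-added entry is still in the file.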

Then I could use GnuPG successfully until I used another feature of the token, such as SSH, OTP or U2F.

As a workaround I wrote a gpg wrapper, placed in /usr/local/bin/gpg, which checks if the token is detected; if not, it kills the scdaemon.

#!/bin/bash

# Check whether the token is detected
if ! /usr/bin/gpg --card-status &> /dev/null
then
    # Not detected: kill scdaemon so the next gpg call starts a new one
    gpgconf --kill scdaemon
fi

# Start the real gpg
/usr/bin/gpg "$@" <&0

This script allows me to reliably sign git commits using GnuPG with the private key on the Token2 and then push using the SSH private key on the same Token2.