Why do GnuPG 2 and gpg-connect-agent fail with "ERR 67108983 No SmartCard daemon"?

scdaemon is missing

GnuPG 2 connects to the card through gpg-agent, which again does not include smart card capabilities, but accesses them through another application. This can be configured and has a system-dependent default, from man gpg-agent:

--scdaemon-program filename Use program filename as the Smartcard daemon. The default is installation dependent and can be shown with the gpgconf command. 

Doing so reveals GnuPG tries to run /usr/lib/gnupg2/scdaemon:

$ gpgconf gpg:GPG für OpenPGP:/usr/bin/gpg2 gpg-agent:GPG Agent:/usr/bin/gpg-agent scdaemon:Smartcard Daemon:/usr/lib/gnupg2/scdaemon [snip] 

But this is not available:

$ /usr/lib/gnupg2/scdaemon bash: /usr/lib/gnupg2/scdaemon2: No such file or directory 

Installing scdaemon

A quick query through apt-cache reveals that Debian pulled the scdaemon out of the gnupg2 package, likely because it introduces a bunch of new dependencies GnuPG otherwise wouldn't have:

Package: scdaemon Source: gnupg2 Version: 2.1.10-3 Installed-Size: 538 Maintainer: Debian GnuPG Maintainers <[email protected]> Architecture: amd64 Replaces: gpgsm (<< 2.0.18-2) Depends: gnupg-agent (= 2.1.10-3), libassuan0 (>= 2.2.0), libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libgpg-error0 (>= 1.14), libksba8 (>= 1.2.0), libnpth0 (>= 0.90), libusb-0.1-4 (>= 2:0.1.12) Breaks: gpgsm (<< 2.0.18-2) Description-en: GNU privacy guard - smart card support GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC4880. . This package contains the smart card program scdaemon, which is used by gnupg-agent to access OpenPGP smart cards. 

Installing it with sudo apt-get install scdaemon resolves the issue.