Yubico Forum

Re: [SOLVED] unknown status error when using subkeys on neo

2017-03-27T07:51:14+01:00

I got it to work, with help of Yubico's Matthew.

I booted a kubuntu live OS, and installed the packages as listed by Simon (backports unnecessary).

I restored the secrets from my backup. I then moved the subkeys to the Neo, overwriting the old subkeys on the Neo.

That resolved all the issues.

Code:

kubuntu@kubuntu:~$ echo "secret demo message." | gpg -aser my@email.addr
-----BEGIN PGP MESSAGE-----

hQEMA1Vwruc5f1VdAQf7BLS//ZhaFTVUPpD17tlMLjHEjgA/M6+8ME8keSBLm6o1
CPa6Ipqlrpi26UuOEtmFMeTfFOxdLvMBm+cPM4NOnGtVHRYnMcuWLh2lxtuS8QSm
qtaRuBjAw4+nruIPuQLZCNLzi1dZULrpGxb4PGCB4fzrcFzCcPKKPbbUkiH+GWS+
ucbbwK8gBR+zX5vUn81tVT26CrXqO/nNovrqtnRf1ADs9J/KFgBSQJkRUaLK6he8
YQ1EIuTDMuh0LQ/AQyvzpEnL3+IsyZRctDL4ZvU0h87OaqKnbqoG9Lt17YxTq0qt
Is5iVnW99qxyJHUFGCl7PM0xUjkznhAoLCnfT+V63dLAuwGQxKZ+6IzAyKVrcNCc
mkEU4f/Y0z1Z/eIYZdm9MDS50c6ltw6RaHelTK6VLb64LLzNa2tLWZME5E8BjgqU
fot0eOW0GIILvLG8rXnwCO6JtGzOGqqdivCQlXX/ZPy6dC9QLPhw6K2su26So2kV
roIT/2mAPlJe1R+7yv9XADdJ6kAjbwAwwBDYhCuJ3FT7Bji3ag+RA0WP4KWx+EoJ
yNWkW0XftUreSsD3V7JUY6gB+KYCohcZ1rpdRrJ5S3LpYibx0mIHI7/Lo+6q7S+2
hstYqUqTZO7Dak7sSxMbMKYlfYKI+yBhwHXqi8bd4FEi1Epi+JLmegwhxRgsf2Z+
awgGzZVoDcqortMTD+Ew74DX3bafv3+XgxtqwPfFeaE5Mr5vYhDTKGQ7sYifBVXH
SdpaaiUw5iZNJM2YZXd0XA22PTL4C5VsUKHdJ+lKrSOCXG9otefVkgJibwSs4E/O
QWitH5h5kXZ5SFpjQ7aLnxz0yjLOUFtzbbuVLj4=
=Tohz
-----END PGP MESSAGE-----
kubuntu@kubuntu:~$

Statistics: Posted by jlr — Mon Mar 27, 2017 7:51 am

Re: [QUESTION] unknown status error when using subkeys on ne

2017-04-20T20:33:58+01:00

One more note: specifying the specific subkey for signing does not solve the problem:

Code:

PS > gpg --armor -su signingSubKeyID .\demo.txt
File `.\\demo.txt.asc' exists. Overwrite? (y/N) y
gpg: signing failed: Card error
gpg: signing failed: Card error

I contacted Yubico support today. Hopefully they'll be able to help. I hope I just overlooked something silly!

The encryption works all fine and dandy, which is cool. So I'm close to having this all working...

I'll leave you all alone until I can mark this topic as solved. Thanks for looking, and sorry for the updates.

Statistics: Posted by jlr — Thu Mar 23, 2017 2:14 am

Re: [QUESTION] unknown status error when using subkeys on ne

2017-04-20T20:36:09+01:00

OK, i figured out that i can encrypt and decrypt. but i can't sign. signing throws the error. and once signing throws the error, i can't encrypt again until i pull the card, kill gpg2-agent, and reinsert the card.

anyone know why this may be happening?

Statistics: Posted by jlr — Fri Mar 17, 2017 10:49 pm

Re: [QUESTION] unknown status error when using subkeys on ne

2017-04-20T20:32:17+01:00

windows logs this for scdaemon:

Code:

2017-03-15 12:55:51 scdaemon[6132] detected reader `Yubico Yubikey NEO OTP+U2F+CCID 0'
2017-03-15 12:55:51 scdaemon[6132] pcsc_control failed: invalid PC/SC error code (0x1)
2017-03-15 12:55:51 scdaemon[6132] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2017-03-15 12:55:52 scdaemon[6132] updating slot 0 status: 0x0000->0x0007 (0->1)
2017-03-15 12:55:52 scdaemon[6132] triggering event e4 (000000E4) for client -1
2017-03-15 12:55:52 scdaemon[6132] signatures created so far: 0
2017-03-15 12:55:52 scdaemon[6132] DBG: asking for PIN '||Please enter the PIN%0A[sigs done: 0]'
2017-03-15 12:55:59 scdaemon[6132] apdu_send_simple(0) failed: unknown status error
2017-03-15 12:55:59 scdaemon[6132] app_sign failed: Card error

then some of the information is missing, including counters:

Code:

gpg/card> quit
PS > gpg --card-status
Application ID ...: (. . .)
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: (. . .)
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: (. . .)
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: (. . .)
      created ....: 2017-03-11 15:44:33
Encryption key....: (. . .)
      created ....: 2017-03-11 16:09:22
Authentication key: (. . .)
      created ....: 2017-03-11 16:09:58
General key info..: sub  2048R/(. . .) 2017-03-11 (. . .)
sec#  4096R/(. . .)   created: 2017-03-11  expires: never
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
PS >

so strange.

Statistics: Posted by jlr — Wed Mar 15, 2017 8:56 pm

[SOLVED] unknown status error when using subkeys on neo

2017-04-20T20:30:56+01:00

i followed josefsson's instructions for setting up a neo with pgp subkeys on debian.

everything seemed to work perfectly. but i cannot seem to sign or encrypt on windows (usb) or debian (usb) or android (usb|nfc). debian seems to be the most descriptive of all:

Code:

$ gpg --clearsign demo.txt 
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: apdu_send_simple(0) failed: unknown status error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$

Code:

$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
(. . .)

if i enter the wrong pin, it throws a different error, and decrements the respective counter:

Code:

$ gpg --clearsign demo.txt 
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: verify CHV1 failed: general error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 3 3
Signature counter : 0
(. . .)

so i know the problem is not that i am entering the wrong pin.

are there complexity requirements on the pin that may not be met? my user pin is 6 digits, admin pin is 8 digits.

please help! many thanks.

Statistics: Posted by jlr — Tue Mar 14, 2017 5:40 am