Yubico Forum

Re: Yubikey + OpenPGP keytocard error

2016-04-04T19:35:51+01:00

dont Forget to mark as Solved in the thirst Message.

I was in the same Situation. And i ve canged my pin too (Sucsessfuly).
Yes yes the Standart pin

Okey Byby

Statistics: Posted by HDDControler — Mon Apr 04, 2016 7:35 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-04T18:13:29+01:00

I've got the pins changed.

I got my test key successfully added to the card. I tested uploading just the subkey and wasn't successful.

Thanks for all the pointers and help getting me off the ground with my pgp keys.

Statistics: Posted by cblazek — Mon Apr 04, 2016 6:13 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-04T17:47:13+01:00

Hey ho. Here i Can Help:

User-Pin (Standart): 123456
Admin-Pin (Standart): 12345678

And dont Forget :
Once tree times the wrong User pin then you must (You Have to ) unblock with your Admin-Pin!
3 x Wrong Admin Pin --> Yubikey is damaged for ever!!

Good Luck
By. Hey, see the thread:
http://forum.yubico.com/viewtopic.php?f=35&t=2219
There i wrote the way to create a new Keypair. Pins you have now.
:->
Please write back.

Statistics: Posted by HDDControler — Mon Apr 04, 2016 5:47 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-04T14:25:49+01:00

It looks like my initial issue was with using my original private key. I created another new key that was solely RSA 2048 for primary and sub and I got a little further.

I was asked for an admin pin and I have no clue what that would be. I found the card-edit tool where you can enter admin commands and change the admin PIN but I don't know what the original PIN would be.

Statistics: Posted by cblazek — Mon Apr 04, 2016 2:25 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-08T15:02:29+01:00

It's the yubikey4. I haven't done the reset because I just barely received it and haven't set anything up with it yet. I may try that tonight when I get free time.

Statistics: Posted by cblazek — Sun Apr 03, 2016 10:32 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-03T22:26:41+01:00

Hey Im newbie But Here is what ive learned:

YUBIKEY isnt YUBIKEY !!

My Yubikey4 Supports 2048 Bit Key but Have to Suport 4096 Bit !!

BUT YUBIKEY NEO Cant store 4096 Bit Keys for OpenGPG
The Limit is 2048 Bit Key.
So i Ask :

What Version You Have Exactly???
Is it an older Version?

See here:
https://www.yubico.com/products/yubikey-hardware/

Statistics: Posted by HDDControler — Sun Apr 03, 2016 10:26 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-02T15:31:58+01:00

I've checked the versions and followed the tutorial.

Code:

10036$ gpg2 --version                                                                                                                                        ‹›
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Code:

10037$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye                                                                                                   ‹›
D[0000]  04 02 08 90 00                                     .....
OK

My key pub is 1024D but subkeys are 2048R. Could my issue be that I used DSA on the original key? I'm also doing this on a mac using gpgtools.

Code:

10040$ gpg --edit-key B43BA2E0                                                                                                                               ‹›
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A

Thanks for your help!

Statistics: Posted by cblazek — Sat Apr 02, 2016 3:31 pm

Re: Yubikey + OpenPGP keytocard error

2016-04-02T05:17:09+01:00

Should work just fine. I would recommend resetting the OpenPGP applet:

https://developers.yubico.com/ykneo-ope ... pplet.html

and following the instructions here to move the subkeys to your YubiKey:

https://developers.yubico.com/PGP/Importing_keys.html

I would say the most likely cause of the issue is an old version of gpg, or you're trying to move a non-RSA key to the card.

Statistics: Posted by ChrisHalos — Sat Apr 02, 2016 5:17 am

Yubikey + OpenPGP keytocard error

2016-04-08T15:03:57+01:00

I'm trying to copy my gpg key to my yubikey 4 and I'm getting an error saying that,
"You may only store a 1024 bit RSA key on the card" when I type keytocard from the gpg prompt.

Code:

pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A

My pub key is 1024 with 2 sub keys of 2048 length. Am I missing something or do I need to generate a new 1024 key?

I'd rather use the key that I have.

Thanks in advance!
Chris

SOLVED:
I was able to copy a new 4096 Master RSA key to the card and have been successfully using it in gpg applications. After reading some pointers on keeping the Master key off the card, I plan on just storing the subkey on the card.

Statistics: Posted by cblazek — Fri Apr 01, 2016 7:31 pm