Re: [QUESTION] Problems importing gpg key into Yubikey Neo

2014-03-10T21:05:18+01:00

OK, turns out that what I needed was to have pcscd daemon running, with that I was able to upload the new applet and import keys (didn't think to try uploading keys before I uploaded applet).

Statistics: Posted by viq — Mon Mar 10, 2014 9:05 pm

[SOLVED] Problems importing gpg key into Yubikey Neo

2014-03-10T21:05:43+01:00

I am trying to upload to Neo my gpg keys, and encountering problems. I changed user and admin PINs, I tried generating keys on the card and that works well, but that's not what I want. I generated a 2048 bit RSA keys, it should be the proper set from what I read so far:

Code:

pub  2048R/D7C09909  created: 2014-02-24  expires: 2014-03-31  usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/CB5512C0  created: 2014-02-24  expires: 2014-03-31  usage: E   
sub  2048R/A18425B3  created: 2014-02-24  expires: 2014-03-31  usage: S   
sub  2048R/E094ED10  created: 2014-02-24  expires: 2014-03-31  usage: E   
sub  2048R/7FFE9E1E  created: 2014-02-28  expires: 2014-03-30  usage: A   

Now I try to upload it to card:

Code:

toggle
key 4
keytocard 
scdaemon[5524]: updating slot 0 status: 0x0000->0x0007 (0->1)
The card does not support the import of keys

Fine, I may have too old version of the applet (it was bought in the christmas sale). Time to try and put a newer version of the applet on there.

Code:

gpg --verify ykneo-openpgp-1.0.5.cap.sig 
gpg: Signature made 2013-10-10T15:53:29 CEST using RSA key ID 105E722E
gpg: Good signature from "Simon Josefsson "
gpg:                 aka "Simon Josefsson "

and

Code:

$ cat gpinstall-test.txt 
mode_211
enable_trace

establish_context
card_connect
select -AID a000000003000000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f

delete -AID D2760001240102000000000000010000
delete -AID D27600012401

install -file /tmp/ykneo-openpgp-1.0.5.cap -instParam 00 -priv 00
card_disconnect
release_context

OK, time to put the applet on the card:

Code:

$ gpshell ./gpinstall-test.txt 
mode_211
enable_trace
establish_context
establish_context failed with error 0x8010001D (Service not available.)

...and I wasn't able to figure out what to do now. Key is in mode 82:

Code:

$ lsusb | grep -i yubi
Bus 001 Device 008: ID 1050:0111 Yubico.com Yubikey NEO OTP+CCID

and udev sets me as the owner of the device node. No idea what else to try...

Additional info: computer is thinkpad x201, I don't believe it has any built in card reader, lspci and lsusb don't show anything that I would read as such. I tried it both under 64 bit archlinux and 32bit ubuntu 13.04 and 13.10, with same results.

Any ideas what the problem is? Is it that the applet is too old for this functionality, or is there another issue? If it's too old, how do I convince the system to put a newer applet on the key?

Statistics: Posted by viq — Mon Mar 10, 2014 4:45 pm

Yubico Forum

Re: [QUESTION] Problems importing gpg key into Yubikey Neo

[SOLVED] Problems importing gpg key into Yubikey Neo