Yubico Forum

...visit our web-store at store.yubico.com
It is currently Thu Oct 19, 2017 3:34 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Tue Mar 14, 2017 5:40 am 
Offline

Joined: Tue Mar 14, 2017 5:31 am
Posts: 5
i followed josefsson's instructions for setting up a neo with pgp subkeys on debian.

everything seemed to work perfectly. but i cannot seem to sign or encrypt on windows (usb) or debian (usb) or android (usb|nfc). debian seems to be the most descriptive of all:

Code:
$ gpg --clearsign demo.txt
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: apdu_send_simple(0) failed: unknown status error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$


Code:
$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
(. . .)


if i enter the wrong pin, it throws a different error, and decrements the respective counter:

Code:
$ gpg --clearsign demo.txt
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: verify CHV1 failed: general error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 3 3
Signature counter : 0
(. . .)


so i know the problem is not that i am entering the wrong pin.

are there complexity requirements on the pin that may not be met? my user pin is 6 digits, admin pin is 8 digits.

please help! many thanks.


Last edited by jlr on Thu Apr 20, 2017 8:30 pm, edited 4 times in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Mar 15, 2017 8:56 pm 
Offline

Joined: Tue Mar 14, 2017 5:31 am
Posts: 5
windows logs this for scdaemon:

Code:
2017-03-15 12:55:51 scdaemon[6132] detected reader `Yubico Yubikey NEO OTP+U2F+CCID 0'
2017-03-15 12:55:51 scdaemon[6132] pcsc_control failed: invalid PC/SC error code (0x1)
2017-03-15 12:55:51 scdaemon[6132] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2017-03-15 12:55:52 scdaemon[6132] updating slot 0 status: 0x0000->0x0007 (0->1)
2017-03-15 12:55:52 scdaemon[6132] triggering event e4 (000000E4) for client -1
2017-03-15 12:55:52 scdaemon[6132] signatures created so far: 0
2017-03-15 12:55:52 scdaemon[6132] DBG: asking for PIN '||Please enter the PIN%0A[sigs done: 0]'
2017-03-15 12:55:59 scdaemon[6132] apdu_send_simple(0) failed: unknown status error
2017-03-15 12:55:59 scdaemon[6132] app_sign failed: Card error


then some of the information is missing, including counters:

Code:
gpg/card> quit
PS > gpg --card-status
Application ID ...: (. . .)
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: (. . .)
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: (. . .)
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: (. . .)
      created ....: 2017-03-11 15:44:33
Encryption key....: (. . .)
      created ....: 2017-03-11 16:09:22
Authentication key: (. . .)
      created ....: 2017-03-11 16:09:58
General key info..: sub  2048R/(. . .) 2017-03-11 (. . .)
sec#  4096R/(. . .)   created: 2017-03-11  expires: never
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
PS >


so strange.


Last edited by jlr on Thu Apr 20, 2017 8:32 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 17, 2017 10:49 pm 
Offline

Joined: Tue Mar 14, 2017 5:31 am
Posts: 5
OK, i figured out that i can encrypt and decrypt. but i can't sign. signing throws the error. and once signing throws the error, i can't encrypt again until i pull the card, kill gpg2-agent, and reinsert the card.

anyone know why this may be happening?


Last edited by jlr on Thu Apr 20, 2017 8:36 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 23, 2017 2:14 am 
Offline

Joined: Tue Mar 14, 2017 5:31 am
Posts: 5
One more note: specifying the specific subkey for signing does not solve the problem:

Code:
PS > gpg --armor -su signingSubKeyID .\demo.txt
File `.\\demo.txt.asc' exists. Overwrite? (y/N) y
gpg: signing failed: Card error
gpg: signing failed: Card error


I contacted Yubico support today. Hopefully they'll be able to help. I hope I just overlooked something silly!

The encryption works all fine and dandy, which is cool. So I'm close to having this all working...

I'll leave you all alone until I can mark this topic as solved. Thanks for looking, and sorry for the updates.


Last edited by jlr on Thu Apr 20, 2017 8:33 pm, edited 2 times in total.

Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 27, 2017 7:51 am 
Offline

Joined: Tue Mar 14, 2017 5:31 am
Posts: 5
I got it to work, with help of Yubico's Matthew.

I booted a kubuntu live OS, and installed the packages as listed by Simon (backports unnecessary).

I restored the secrets from my backup. I then moved the subkeys to the Neo, overwriting the old subkeys on the Neo.

That resolved all the issues.

Code:
kubuntu@kubuntu:~$ echo "secret demo message." | gpg -aser my@email.addr
-----BEGIN PGP MESSAGE-----

hQEMA1Vwruc5f1VdAQf7BLS//ZhaFTVUPpD17tlMLjHEjgA/M6+8ME8keSBLm6o1
CPa6Ipqlrpi26UuOEtmFMeTfFOxdLvMBm+cPM4NOnGtVHRYnMcuWLh2lxtuS8QSm
qtaRuBjAw4+nruIPuQLZCNLzi1dZULrpGxb4PGCB4fzrcFzCcPKKPbbUkiH+GWS+
ucbbwK8gBR+zX5vUn81tVT26CrXqO/nNovrqtnRf1ADs9J/KFgBSQJkRUaLK6he8
YQ1EIuTDMuh0LQ/AQyvzpEnL3+IsyZRctDL4ZvU0h87OaqKnbqoG9Lt17YxTq0qt
Is5iVnW99qxyJHUFGCl7PM0xUjkznhAoLCnfT+V63dLAuwGQxKZ+6IzAyKVrcNCc
mkEU4f/Y0z1Z/eIYZdm9MDS50c6ltw6RaHelTK6VLb64LLzNa2tLWZME5E8BjgqU
fot0eOW0GIILvLG8rXnwCO6JtGzOGqqdivCQlXX/ZPy6dC9QLPhw6K2su26So2kV
roIT/2mAPlJe1R+7yv9XADdJ6kAjbwAwwBDYhCuJ3FT7Bji3ag+RA0WP4KWx+EoJ
yNWkW0XftUreSsD3V7JUY6gB+KYCohcZ1rpdRrJ5S3LpYibx0mIHI7/Lo+6q7S+2
hstYqUqTZO7Dak7sSxMbMKYlfYKI+yBhwHXqi8bd4FEi1Epi+JLmegwhxRgsf2Z+
awgGzZVoDcqortMTD+Ew74DX3bafv3+XgxtqwPfFeaE5Mr5vYhDTKGQ7sYifBVXH
SdpaaiUw5iZNJM2YZXd0XA22PTL4C5VsUKHdJ+lKrSOCXG9otefVkgJibwSs4E/O
QWitH5h5kXZ5SFpjQ7aLnxz0yjLOUFtzbbuVLj4=
=Tohz
-----END PGP MESSAGE-----
kubuntu@kubuntu:~$


:D


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 10 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group