Yubico Forum
https://forum.yubico.com/

[QUESTION] PIV & U2F don't seem to co-exist on Mac?
https://forum.yubico.com/viewtopic.php?f=26&t=1689

Author:  jbergler [ Tue Dec 30, 2014 1:46 am ]
Post subject:  [QUESTION] PIV & U2F don't seem to co-exist on Mac?

I'm having issues talking to the OpenPGP and PIV applets when I set the mode on my NEO to OTP + CCID + U2F.
It doesn't seem to matter if Chrome (the only app using U2F) is running or not.

If I disable the U2F mode then everything works as expected but I can't use U2F (as expected).
I also notice that when U2F is enabled, the YubiKey Neo Manager doesn't list any available apps.

I've seen a few other threads here with similar issues - but those all seem to be udev related on various Linux distros.
From what I can tell this should not be the expected behavior?

With U2F disabled:
Code:
$  opensc-tool -l
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico Yubikey NEO OTP+CCID

$ gpg --card-status
Application ID ...: D2760001240102000006030212890000
Version ..........: 2.0
<snip>


With U2F enabled:
Code:
$  opensc-tool -l
No smart card readers found.

$ gpg --card-status
gpg: pcsc_connect failed: unknown reader (0x80100009)
gpg: apdu_send_simple(0) failed: general error
Please insert the card and hit return or enter 'c' to cancel: c
gpg: selecting openpgp failed: general error
gpg: OpenPGP card not available: general error


Code:
YubiKey Neo 3.3.0
YubiKey NEO Manager 1.1.0
libykneomgr: 0.1.6
ykpers: 1.16.2
libu2f-host: 0.0.2

Author:  jbergler [ Tue Dec 30, 2014 12:00 pm ]
Post subject:  Re: [QUESTION] PIV & U2F don't seem to co-exist on Mac?

I did some more digging today and it looks like the osx-patch-ccid script patched in the USB IDs for U2F combinations.

I'm running OS X v10.10.1, which ships with version 1.4.14 of pcsclite, and the U2F combinations were added in 1.4.18, so this isn't surprising.

Manually removing the U2F combinations and killing pcsc like the script does manages to replicate the behavior I was seeing earlier.
Running the script again makes everything behave as expected without a reboot.

I'll attempt to test this on a machine which hasn't had the package installed to try and verify this a little further, but is there something else that installing YubiKey Neo Manager does that requires a reboot? Maybe the package installation should force a reboot?
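
Added example, not part of the original posts and not Yubico's script: a Python check that reads a CCID driver Info.plist and reports which CCID-capable NEO modes have no USB ID entry, which is the condition the post above ties to "No smart card readers found". The plist key names (ifdVendorID, ifdProductID, ifdFriendlyName) and the Yubico vendor/product IDs are assumptions taken from outside this thread, and the two sample plists are constructed.

```python
import plistlib
import sys

YUBICO_VID = 0x1050  # assumption: Yubico's USB vendor ID (not stated in the thread)
# Assumption: NEO product IDs for the modes that expose a CCID interface.
NEO_CCID_MODES = {
    0x0111: "OTP+CCID",
    0x0112: "CCID",
    0x0115: "U2F+CCID",
    0x0116: "OTP+U2F+CCID",
}

def supported_ids(plist_bytes):
    """Return the (vendor, product) pairs listed in the driver's parallel arrays."""
    info = plistlib.loads(plist_bytes)
    vids = info.get("ifdVendorID", [])
    pids = info.get("ifdProductID", [])
    if len(vids) != len(pids):
        # A botched manual edit leaves the arrays out of step; fail loudly.
        raise ValueError("ifdVendorID and ifdProductID differ in length")
    return {(int(v, 16), int(p, 16)) for v, p in zip(vids, pids)}

def missing_neo_modes(plist_bytes):
    """Map product ID -> mode name for NEO CCID modes the driver does not list."""
    have = supported_ids(plist_bytes)
    return {pid: name for pid, name in NEO_CCID_MODES.items()
            if (YUBICO_VID, pid) not in have}

def _sample_plist(pids):
    """Build a constructed Info.plist fragment for the given product IDs."""
    return plistlib.dumps({
        "ifdVendorID": ["0x1050"] * len(pids),
        "ifdProductID": ["0x%04X" % p for p in pids],
        "ifdFriendlyName": ["Yubico Yubikey NEO " + NEO_CCID_MODES[p] for p in pids],
    })

# Constructed samples: a driver without the U2F combinations, and one with them.
UNPATCHED = _sample_plist([0x0111, 0x0112])
PATCHED = _sample_plist([0x0111, 0x0112, 0x0115, 0x0116])

if __name__ == "__main__":
    # Pass the path to the driver's Info.plist; falls back to the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else UNPATCHED
    for pid, name in sorted(missing_neo_modes(data).items()):
        print("driver has no entry for 1050:%04x (NEO %s)" % (pid, name))
```
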

All times are UTC + 1 hour