Yubico Forum


All times are UTC + 1 hour




Posted: Wed Sep 07, 2016 5:37 am
I'm using pass to store passwords, encrypted with my GPG key. Today I went to retrieve several passwords and one surprised me by not unlocking (the others decrypt just fine).

After it failed, I examined the file itself in the storage. Using simply 'gpg2 -d thefile.gpg', I am prompted for my PIN, then my Yubikey4 requests a touch (blinks until I touch it), then I get information about the keys the file was encrypted with (mine and a coworker's), followed by this:

Code:
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key


I found this quite odd, especially since the other files in the storage decrypt just fine with this Yubikey4.

I tried a few things to get more information; I recovered the original private key from backup, not on the Yubikey4, and was able to decrypt the file with that. I re-encrypted the data with the same encryption keys, and the new file is able to be decrypted with both the yubikey4 and the software key. The only difference I can figure is that the Yubikey4 doesn't like the session key. Unfortunately, I can't figure out how to force gpg2 to use a particular session key for encryption; the --override-session-key flag seems to only affect decryption.

I'm open to other suggestions on how to debug this. I'm hoping somehow it's a bug in gpg2 and not in the Yubikey4 itself.



Posted: Mon Sep 12, 2016 3:06 am
I just tried putting the private key onto a different Yubikey by restoring from the backup (a Yubikey4-nano this time; note: not the one I messed up in another thread) and am seeing the same issue with that unit. Every file I try to decrypt that was encrypted with this PGP key works, except for this one file, which fails to decrypt with either Yubikey.

However, I'm also now noticing that attempting to decrypt this one file results in the Yubikey not blinking prior to reporting the error, whereas the other files cause the Yubikey to blink. I think this means that gpg2 is reporting the error prior to even accessing the Yubikey, but I don't know what actually causes the blinking.


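Added example, not part of the original posts: because re-encrypting the same data produced a file that both keys could decrypt, dumping the public-key encrypted session key packets (RFC 4880, tag 1) of the failing file and of a working one is one way to see how the two differ before any session key is decrypted. The function names are hypothetical, the sample bytes are constructed with toy-sized values, and the input is assumed to be a binary (not armored) OpenPGP file.

```python
import struct
import sys

def packet_tag(hdr):
    """Tag number from a new-format (bit 6 set) or old-format header octet."""
    return hdr & 0x3F if hdr & 0x40 else (hdr >> 2) & 0x0F

def read_packet(buf, pos):
    """Return (body, next_pos) for the definite-length packet starting at pos."""
    hdr = buf[pos]
    if not (hdr & 0x80):
        raise ValueError("not an OpenPGP packet header")
    pos += 1
    if hdr & 0x40:                                  # new-format lengths
        first = buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
        else:
            raise ValueError("partial body length not expected on a tag-1 packet")
    else:                                           # old-format lengths
        if (hdr & 0x03) == 3:
            raise ValueError("indeterminate length not expected on a tag-1 packet")
        size = (1, 2, 4)[hdr & 0x03]
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return buf[pos:pos + length], pos + length

def list_pkesk(buf):
    """Describe the tag-1 packets that precede the encrypted data packet."""
    rows, pos = [], 0
    while pos < len(buf) and packet_tag(buf[pos]) == 1:
        body, pos = read_packet(buf, pos)
        rows.append({
            "key_id": body[1:9].hex().upper(),      # recipient (sub)key ID
            "algo": body[9],                        # 1 = RSA
            "mpi_bits": int.from_bytes(body[10:12], "big"),  # declared size
            "data_bytes": len(body) - 12,           # bytes after the bit count
        })
    return rows

# Constructed sample: two version-3 PKESK packets with toy-sized values,
# followed by the first octets of a tag-18 encrypted data packet.
SAMPLE = bytes.fromhex("85000e" "03" "1111111111111111" "01" "000f" "7fff"
                       "c10d" "03" "2222222222222222" "01" "0008" "ff" "d2e001")

if __name__ == "__main__":
    for path in sys.argv[1:]:                       # e.g. failing.gpg working.gpg
        with open(path, "rb") as fh:
            print(path, list_pkesk(fh.read()))
```

`gpg2 --list-packets thefile.gpg` reports the same fields in its `:pubkey enc packet:` lines.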