I'm using pass to store passwords, encrypted with my GPG key. Today I went to retrieve several passwords and one surprised me by not unlocking (the others decrypt just fine).
After it failed, I examined the file itself in the storage. Using simply 'gpg2 -d thefile.gpg', I am prompted for my pin, then my Yubikey4 requests a touch (blinks until I touch it), then I get information about the keys the file was encrypted with (mine and a coworker's), followed by this:
Code:
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key
I found this quite odd, especially since the other files in the storage decrypt just fine with this Yubikey4.
I tried a few things to get more information; I recovered the original private key from backup, not on the Yubikey4, and was able to decrypt the file with that. I re-encrypted the data with the same encryption keys, and the new file can be decrypted with both the Yubikey4 and the software key. The only difference I can figure is that the Yubikey4 doesn't like the session key. Unfortunately, I can't figure out how to force gpg2 to use a particular session key for encryption; the --override-session-key flag seems to only affect decryption.
I'm open to other suggestions on how to debug this. I'm hoping somehow it's a bug in gpg2 and not in the Yubikey4 itself.
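The comparison the poster is after (the failing file versus the freshly re-encrypted one, both encrypted to the same two keys) can be done on the OpenPGP packets themselves: each recipient gets a public-key-encrypted session key (PKESK) packet at the front of the file, carrying the recipient key ID, the public-key algorithm and the encrypted session key as an MPI. The script below is an added example, not the poster's code or part of GnuPG, and it parses only those leading packets from a binary `.gpg` file (which is what pass stores; armored input would need dearmoring first) and reports field-by-field differences per key ID. The two sample files `GOOD` and `BAD` are constructed byte strings, not real ciphertext; the file names in the usage line are hypothetical. `gpg2 --list-packets file.gpg` shows the same fields from the command line, so this mainly automates putting the two files side by side.

```python
"""Inspect the public-key-encrypted session key (PKESK) packets that start an OpenPGP
encrypted file (RFC 4880, sections 4.2, 3.2 and 5.1) and compare two files field by field.
Added example for debugging; not the poster's code and not part of GnuPG."""
import struct

PK_ALGO = {1: "RSA", 2: "RSA-encrypt-only", 16: "Elgamal", 18: "ECDH"}
MPI_COUNT = {1: 1, 2: 1, 16: 2}  # ECDH (18) also carries a wrapped key; treated as one MPI here


def read_header(buf, pos):
    """Return (tag, body_offset, body_len) for the packet header at buf[pos]."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("byte %d is not an OpenPGP packet header" % pos)
    if first & 0x40:  # new-format header: tag in low 6 bits, variable-length body length
        tag = first & 0x3F
        b1 = buf[pos + 1]
        if b1 < 192:
            return tag, pos + 2, b1
        if b1 < 224:
            return tag, pos + 3, ((b1 - 192) << 8) + buf[pos + 2] + 192
        if b1 == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths are not handled")
    tag = (first >> 2) & 0x0F  # old-format header: tag in bits 2-5, length type in bits 0-1
    ltype = first & 0x03
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate-length packets are not handled")


def read_mpi(body, pos):
    """Return (bit_count, raw_bytes, next_pos) for the MPI at body[pos]: 2-byte bit count, then the value."""
    bits = struct.unpack(">H", body[pos:pos + 2])[0]
    nbytes = (bits + 7) // 8
    raw = body[pos + 2:pos + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated MPI")
    return bits, raw, pos + 2 + nbytes


def parse_pkesk(body):
    """Decode one version-3 PKESK body: key ID, algorithm and the encrypted-session-key MPI sizes."""
    if body[0] != 3:
        raise ValueError("unsupported PKESK version %d" % body[0])
    algo_id = body[9]
    mpis, pos = [], 10
    for _ in range(MPI_COUNT.get(algo_id, 1)):
        bits, raw, pos = read_mpi(body, pos)
        mpis.append({"bits": bits, "bytes": len(raw)})
    return {"keyid": body[1:9].hex().upper(), "algo": PK_ALGO.get(algo_id, str(algo_id)), "mpis": mpis}


def pkesk_packets(data):
    """Return the PKESK packets at the front of an encrypted file, stopping at the first other packet."""
    out, pos = [], 0
    while pos < len(data):
        tag, off, length = read_header(data, pos)
        if tag != 1:
            break
        out.append(parse_pkesk(data[off:off + length]))
        pos = off + length
    return out


def compare_pkesk(good, bad):
    """List, per recipient key ID, the fields that differ between a file that decrypts and one that does not."""
    g = {p["keyid"]: p for p in good}
    b = {p["keyid"]: p for p in bad}
    diffs = []
    for keyid in sorted(set(g) | set(b)):
        if keyid not in g or keyid not in b:
            diffs.append((keyid, "present in only one file"))
            continue
        for field in ("algo", "mpis"):
            if g[keyid][field] != b[keyid][field]:
                diffs.append((keyid, "%s: %r vs %r" % (field, g[keyid][field], b[keyid][field])))
    return diffs


def make_pkesk(keyid_hex, mpi, new_format):
    """Build a version-3 RSA PKESK packet for the constructed samples below (not real ciphertext)."""
    bits = int.from_bytes(mpi, "big").bit_length()
    body = b"\x03" + bytes.fromhex(keyid_hex) + b"\x01" + struct.pack(">H", bits) + mpi
    hdr = bytes([0xC1, len(body)]) if new_format else bytes([0x85]) + struct.pack(">H", len(body))
    return hdr + body


# Constructed samples: two recipients, then a stub SEIP packet (tag 18) where the parser stops.
# BAD differs from GOOD only in the second recipient's MPI being one byte (8 bits) shorter.
SEIP = bytes.fromhex("D20301AABB")
GOOD = (make_pkesk("0123456789ABCDEF", b"\x80" + b"\x11" * 15, False)
        + make_pkesk("FEDCBA9876543210", b"\x80" + b"\x22" * 15, True) + SEIP)
BAD = (make_pkesk("0123456789ABCDEF", b"\x80" + b"\x11" * 15, False)
       + make_pkesk("FEDCBA9876543210", b"\x80" + b"\x22" * 14, True) + SEIP)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage (hypothetical names): python pkesk.py works.gpg fails.gpg
        good, bad = (pkesk_packets(open(p, "rb").read()) for p in sys.argv[1:])
    else:
        good, bad = pkesk_packets(GOOD), pkesk_packets(BAD)
    for p in good:
        print("works:", p)
    for p in bad:
        print("fails:", p)
    for keyid, what in compare_pkesk(good, bad):
        print("DIFF", keyid, what)
```

The MPI byte length is the field worth checking first: it is the size of the RSA-encrypted session key that gets handed to the card, and it is the one thing that varies from encryption to encryption even when the keys are identical. A difference here only narrows the problem down; it does not by itself say whether gpg2 or the card is at fault.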