Yubico Forum :: View topic - [SOLVED] gpshell error 6A82 (Yubikey 4/Edge)

Author:

R0xph [ Fri Jul 08, 2016 3:23 pm ]

Post subject:

[SOLVED] gpshell error 6A82 (Yubikey 4/Edge)

Hello,

I have a Yubikey with the following USB descriptor "Yubikey 4 OTP+U2F" and I guess it is a Yubikey Edge.
I would like to set up the key as an OpenPGP SmartCard, so I first actived CCID mode using "ykpersonalize -m2" (anyhow "Yubikey NEO Manager" failed to apply the mode setting).
Now the key appears with a more satisfying USB descriptor "Yubikey 4 OTP+CCID", however GPG does not seem to support it:

Code:

% gpg2 --debug-all --debug-level=guru --card-status
gpg: reading options from '/home/user/.gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- OK Pleased to meet you, process 10024
gpg: DBG: connection to agent established
gpg: DBG: chan_3 -> RESET
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/22
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION display=:0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION xauthority=/home/user/.Xauthority
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=XMODIFIERS=@im=ibus
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=GTK_IM_MODULE=ibus
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-7kXRpcahZL
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION putenv=QT_IM_MODULE=ibus
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-ctype=en_US.UTF-8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION lc-messages=en_US.UTF-8
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.11
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION allow-pinentry-notify
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> AGENT_ID
gpg: DBG: chan_3 <- ERR 67109139 Unknown IPC command <GPG Agent>
gpg: DBG: chan_3 -> SCD GETINFO version
gpg: DBG: chan_3 <- D 2.1.11
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> SCD SERIALNO openpgp
gpg: DBG: chan_3 <- ERR 100663356 Not supported <SCD>
gpg: OpenPGP card not available: Not supported

And here after are the scdaemon logs

Code:

2016-07-08 15:01:49 scdaemon[10026] listening on socket '/home/user/.gnupg/S.scdaemon'
2016-07-08 15:01:49 scdaemon[10026] handler for fd -1 started
2016-07-08 15:01:49 scdaemon[10026] DBG: enter: apdu_open_reader: portstr=Yubico Yubikey 4 OTP+CCID
2016-07-08 15:01:49 scdaemon[10026] detected reader 'Yubico Yubikey 4 OTP+CCID 00 00'
2016-07-08 15:01:49 scdaemon[10026] reader slot 0: not connected
2016-07-08 15:01:49 scdaemon[10026] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 <- GETINFO socket_name
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> D /home/user/.gnupg/S.scdaemon
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> OK
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 <- OPTION event-signal=12
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> OK
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 <- GETINFO version
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> D 2.1.11
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> OK
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 <- SERIALNO openpgp
2016-07-08 15:01:49 scdaemon[10026] DBG: enter: apdu_connect: slot=0
2016-07-08 15:01:49 scdaemon[10026] DBG: feature: code=12, len=4, v=42330012
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=01, len=2, v=00000000
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=03, len=1, v=00000000
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=09, len=1, v=00000000
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=0B, len=2, v=00001050
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=0C, len=2, v=00000405
2016-07-08 15:01:49 scdaemon[10026] DBG: TLV properties: tag=0A, len=4, v=00010000
2016-07-08 15:01:49 scdaemon[10026] reader slot 0: active protocol: T1
2016-07-08 15:01:49 scdaemon[10026] slot 0: ATR=3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
2016-07-08 15:01:49 scdaemon[10026] DBG: leave: apdu_connect => sw=0x0
2016-07-08 15:01:49 scdaemon[10026] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2016-07-08 15:01:49 scdaemon[10026] DBG:   PCSC_data: 00 A4 00 0C 02 3F 00
2016-07-08 15:01:49 scdaemon[10026] DBG:  response: sw=6D00  datalen=0
2016-07-08 15:01:49 scdaemon[10026] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2016-07-08 15:01:49 scdaemon[10026] DBG:   PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
2016-07-08 15:01:49 scdaemon[10026] DBG:  response: sw=6A82  datalen=0
2016-07-08 15:01:49 scdaemon[10026] can't select application 'openpgp': Not supported
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> ERR 100663356 Not supported <SCD>
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 <- RESTART
2016-07-08 15:01:49 scdaemon[10026] DBG: chan_5 -> OK
2016-07-08 15:01:49 scdaemon[10026] DBG: enter: apdu_get_status: slot=0 hang=0
2016-07-08 15:01:49 scdaemon[10026] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2016-07-08 15:01:49 scdaemon[10026] updating reader 0 (0) status: 0x0000->0x0007 (0->1)
2016-07-08 15:01:49 scdaemon[10026] sending signal 12 to client 1635

I thought perhaps the OpenPGP applet is not installed on the key, so I used globalplatform tools and java card kit to compile the applet.
However I got an error when I try to install it on the key with gpshell:

Code:

$ LD_LIBRARY_PATH=/usr/local/lib gpshell gpinstall.txt
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6A82
select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.)

I don't know what's going on here hence I would really appreciate any tips or help ;)
Cheers

Author:	ChrisHalos [ Thu Jul 14, 2016 5:22 pm ]
Post subject:	Re: [QUESTION] gpshell error 6A82
The YubiKey Edge doesn't provide smart card functionality, so enabling CCID mode on an Edge won't do anything. You can't use it as a smart card. This requires a YubiKey 4 or YubiKey NEO. You also can't use gpshell on a YubiKey 4, or any NEO sold after ~ July 2014, since they don't have updateable applets. https://www.yubico.com/wp-content/uploa ... ov2015.pdf

Author:	R0xph [ Mon Jul 25, 2016 12:59 pm ]
Post subject:	Re: [SOLVED] gpshell error 6A82 (Yubikey 4/Edge)
Thank you Chris for your answer. I have been miss-led by the USB descriptor stating "Yubikey 4" instead of "Yubikey Edge". It would have been wiser to name each devices accordingly.

Yubico Forum https://forum.yubico.com/

[SOLVED] gpshell error 6A82 (Yubikey 4/Edge) https://forum.yubico.com/viewtopic.php?f=35&t=2363	Page 1 of 1

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/