Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:01 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 54 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
PostPosted: Tue Mar 11, 2014 2:32 am 
Offline

Joined: Tue Mar 11, 2014 2:08 am
Posts: 1
So. I'm fairly technically-capable. I've spent the last few hours trying to install all the software, and configure it as necessary, to install the applet on my NEO … but no luck.

I've successfully installed GPShell and all its dependancies, but when I try to install the applet, I get the following:

Code:
> > gpshell ./gpinstall.local.txt
mode_211
enable_trace
establish_context
card_connect
Could not connect to reader number 0


As far as I can tell, the Yubikey isn't being registered “as a smartcard.” Not sure how to make it register as a smart-card, instead of as a keyboard.

(Side-note: I've used ykpersonalize -m82 to set my card to act as both an HID and CCID device; but I'm not sure if that's relevant. Didn't seem to help.)

Once I've got this all working, I may be arsed to submit a tutorial on how to get everything installed on OS X … it's kind of a cluster<beep>.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Mar 11, 2014 12:04 pm 
Offline

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
ELLIOTTCABLE wrote:
So. I'm fairly technically-capable. I've spent the last few hours trying to install all the software, and configure it as necessary, to install the applet on my NEO … but no luck.

Once I've got this all working, I may be arsed to submit a tutorial on how to get everything installed on OS X … it's kind of a cluster<beep>.


As you mention OSX, are you sure that you have enabled the current stock driver for NEO?

You might find it easier to use the pre-compiled driver for OSX instead: https://github.com/martinpaljak/osx-cci ... r/releases

Regarding basic applet installation I'm confident that my gp tool provides way simpler usability compared to gpshell: https://github.com/martinpaljak/GlobalPlatform#usage

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 18, 2014 8:50 am 
Offline
Site Admin
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Everyone,

Please move to the Yubikey NEO manager
http://opensource.yubico.com/yubikey-neo-manager/

Its a GUI and it is user friendly for those who do not feel comfortable with command lines tools.

_________________
-Tom


Top
 Profile  
Reply with quote  
PostPosted: Sat May 17, 2014 3:41 pm 
Offline

Joined: Mon Jul 29, 2013 12:10 pm
Posts: 15
regarding the PIV Applet:

It says I have a PIV-II card

Quote:
$ piv-tool -n
Using reader with a card: Yubikey NEO OTP+CCID 00 00
PIV-II card


but:

Quote:
$ ./yubico-piv-tool -s 9a -A ECCP256 -a generate --verbose=2
parsed key: 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08
using reader 'Yubikey NEO OTP+CCID 00 00' matching 'Yubikey'.
> 00 a4 04 00 05 a0 00 00 03 08
< 61 11 4f 06 00 00 10 00 01 00 79 07 4f 05 a0 00 00 03 08 90 00
> 00 87 03 9b 04 7c 02 80 00
< 7c 0a 80 08 1d 0f b6 3a e8 f2 51 44 90 00
> 00 87 03 9b 16 7c 14 80 08 c9 ea 45 5e 14 9d d5 ed 81 08 87 8c ca 0d 86 b3 df 16
< 7c 0a 82 08 fc 32 92 32 41 85 58 a1 90 00
Successful applet authentication.
Now processing for action 1.
Going to send 5 bytes in this go.
> 00 47 00 9a 05 ac 03 80 01 11
< 6a 80
Failed to generate new key.


Last edited by ctoph1977 on Sat May 17, 2014 8:37 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Sat May 17, 2014 8:35 pm 
Offline

Joined: Mon Jul 29, 2013 12:10 pm
Posts: 15
turned out that since I enabled the support for the PIV_II Applet in PCSC now gpg cannot directly access the openpg applet anymore so I tried telling scdaemon to use pcsc instead first I wanted to know wether I could see a openpgp smartcard with opensc but

Quote:
$ opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Yubikey NEO OTP+CCID 00 00
$ openpgp-tool -r0
error: not an OpenPGP card


appearently it does not see a openpgp card.

just to be sure I told scdaemon to use pcsc

Quote:
cat scdaemon.conf
pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC
card-timeout 5
disable-ccid


unfortunately:

Quote:
$ gpg --card-status
gpg: selecting openpgp failed: Card error


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 29, 2014 5:00 am 
Offline

Joined: Tue Nov 18, 2014 9:14 pm
Posts: 95
Location: San Jose, CA
The problem is that scdaemon in gnupg2 is very "greedy" with respect to PCSC: it requires exclusive access. This means that the OpenSC tokend driver on OS X will prevent scdaemon from working properly.

You can get it back working again by killing any other application which is using PCSC. Then your card should work fine with gnupg.

I'm currently working on a fix for this in my own branch of gnupg, which you can find here: https://github.com/darconeous/gnupg/tre ... mon-behave


Top
 Profile  
Reply with quote  
PostPosted: Fri Jun 05, 2015 3:41 pm 
Offline

Joined: Fri Jun 05, 2015 3:28 pm
Posts: 1
Hi, I have a NEO-n and did not work with the yubico authenticator.
I followed the instruction in the first post to install the yubioath applet but for some reason, it failed.

mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864
886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
40255650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
886FC6B03640B06092A864886FC6B040255650B06092B851086486
4020103660C060A2B060104012A026E01029000
Command --> 80500000086B65E9BCBFD664AC00
Wrapped command --> 80500000086B65E9BCBFD664AC00
Response <-- 0000413803782893057902020001FEF557D1E12AECFB480701E958259000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

but now yubico authenticator, slot 1, slot 2, u2f all seem to be working fine. Which is good except for the fact that my NEO-n's LED is now flickering.
about once every 2 seconds. Is there anyway to fix this? Have i broke my yubikey?


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 06, 2015 3:18 am 
Offline

Joined: Mon Feb 23, 2015 1:47 am
Posts: 7
mnegishi12 wrote:
Hi, I have a NEO-n and did not work with the yubico authenticator.
I followed the instruction in the first post to install the yubioath applet but for some reason, it failed.

mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864
886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
40255650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
886FC6B03640B06092A864886FC6B040255650B06092B851086486
4020103660C060A2B060104012A026E01029000
Command --> 80500000086B65E9BCBFD664AC00
Wrapped command --> 80500000086B65E9BCBFD664AC00
Response <-- 0000413803782893057902020001FEF557D1E12AECFB480701E958259000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

but now yubico authenticator, slot 1, slot 2, u2f all seem to be working fine. Which is good except for the fact that my NEO-n's LED is now flickering.
about once every 2 seconds. Is there anyway to fix this? Have i broke my yubikey?


I get a very similar error on install. How do we fix this, what might be wrong?


Top
 Profile  
Reply with quote  
PostPosted: Mon Jul 06, 2015 9:41 am 
Offline
Site Admin
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
Attachment:
Capture.PNG
Capture.PNG [ 50.24 KiB | Viewed 7270 times ]


Top
 Profile  
Reply with quote  
PostPosted: Tue Jul 07, 2015 3:40 am 
Offline

Joined: Mon Feb 23, 2015 1:47 am
Posts: 7
Tom2 wrote:
Attachment:
Capture.PNG

Thanks for the sarcastic response, Tom2. That doesn't exactly help us, it just indicates why we're having difficulties. I'm personally hoping to install newer versions of apps onto an older card, which should still be possible. Some research that I had to do on my own and that you could have mentioned here turned up that the default key was changed from a known value to a random value, reducing the value of the YubiKey, but not reducing the cost. It would be nice if there were some way to algorithmically determine our keys and then install apps, but since YubiCo doesn't seem to have documented that process, if it's even possible, simply saying "This only works on YubiKey Neo with serial numbers less than 300000 or on the YubiKey Neo Developer Edition" would have been a better answer..


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 54 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group