Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:07 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Sun Jan 08, 2017 10:59 pm 
Offline

Joined: Tue Oct 28, 2014 8:52 pm
Posts: 3
Code:
$ gpg-connect-agent
> scd random 32
ERR 100663404 Card error <SCD>


This scd command works correctly on my three NEOs, but fails on my 4s. Is it not a supported feature?

How can I read random bytes from the Yubikey 4?

Thank you for your help :)


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Dec 19, 2017 11:05 pm 
Offline

Joined: Tue Dec 19, 2017 11:01 pm
Posts: 1
I am seeing the same thing. scd random fails with the Yubikey 4.

Code:
$ echo scd random 2048 | gpg-connect-agent
ERR 100663404 Card error <SCD>


The above works fine with the Yubico Neo. Is there a way to get random bytes from the Yubikey 4? I'd prefer to buy just one key for all my usecases.


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 29, 2017 11:58 am 
Offline

Joined: Fri Dec 29, 2017 11:36 am
Posts: 1
Since this discovery really surprised me, I decided to dig deeper. The OpenPGP applet on the YubiKey with which the gpg-connect-agent communicates announces its support for random number generation in the "Extended Capabilities" bytes (see OpenPGP spec, Section 4.3.3.5). The second-highest bit in the first byte is 1 if the YubiKey supports the GET CHALLENGE command, which is what gpg-connect-agent seems to use when you run scd random XX. The third and fourth byte encode the maximum length supported for such a request.

I extracted the extended capabilities bytes for my YK 4n and YK Neo:
Code:
[0xF0, 0x00, 0x00, 0xFF, 0x04, 0xC0, 0x00, 0xFF, 0x00, 0xFF] (YK Neo)
[0x3C, 0x00, 0x00, 0x00, 0x04, 0xC0, 0x00, 0xFF, 0x00, 0xFF] (YK 4n)

As you can see, the second-highest bit of the first byte is set for the YK Neo and it supports GET CHALLENGE requests for up to 255 bytes at a time. The YK 4n (and most likely the 4 as well) announces that it does not support GET CHALLENGE. That means that it is realistically impossible to retrieve random numbers from the OpenPGP applet on the YK 4, barring crazy techniques such as harvesting entropy from generated keys.

An alternative could be to use the PIV applet, which can generate random challenges via the GENERAL AUTHENTICATE command (PIV spec, Section A.1). The downside is that you can apparently only generate 8 random bytes per request and may have to have PIV certificates present on the YK (not sure about the latter, as I can't test it atm).

Example invocation of piv-tool (the last 8 bytes of the response are random):
Code:
$ piv-tool --send-apdu 00:87:00:9B:04:7C:02:81:00:00
Using reader with a card: Yubico Yubikey 4 OTP+U2F+CCID 00 00
Sending: 00 87 00 9B 04 7C 02 81 00 00
Received (SW1=0x90, SW2=0x00):
7C 0A 81 08 9A 8B F2 A1 5F 54 58 72 |......._TXr


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group