Yubico Forum :: View topic - OS X Sierra 10.12.5 Yubikey gpg issues

Author:

macosx2017 [ Sat Jul 08, 2017 1:14 am ]

Post subject:

OS X Sierra 10.12.5 Yubikey gpg issues

Recently picked up a Yubikey 4c and have been having a hell of a time debugging why gpg and it won't work on OS X 10.12.5.

Basically when you run gpg --card-edit you get the dreaded

Code:

gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device

So, I tried all the usual tricks of killing the scdaemon, restarting all the gpg components, with no success. What is really annoying is it works perfectly fine in archlinux.

Here is some debugging information provided by scdaemon

Code:

2017-07-07 16:56:57 scdaemon[7083] DBG: chan_5 <- RESTART
2017-07-07 16:56:57 scdaemon[7083] DBG: chan_5 -> OK
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 <- GETINFO version
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 -> D 2.1.21
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 -> OK
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 <- SERIALNO openpgp
2017-07-07 17:05:30 scdaemon[7083] DBG: enter: apdu_open_reader: portstr=(null)
2017-07-07 17:05:30 scdaemon[7083] detected reader 'Yubico Yubikey 4 OTP+U2F+CCID'
2017-07-07 17:05:30 scdaemon[7083] reader slot 0: not connected
2017-07-07 17:05:30 scdaemon[7083] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2017-07-07 17:05:30 scdaemon[7083] DBG: enter: apdu_connect: slot=0
2017-07-07 17:05:30 scdaemon[7083] pcsc_control failed: not transacted (0x80100016)
2017-07-07 17:05:30 scdaemon[7083] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2017-07-07 17:05:30 scdaemon[7083] reader slot 0: active protocol: T1
2017-07-07 17:05:30 scdaemon[7083] slot 0: ATR=3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
2017-07-07 17:05:30 scdaemon[7083] DBG: leave: apdu_connect => sw=0x0
2017-07-07 17:05:30 scdaemon[7083] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2017-07-07 17:05:30 scdaemon[7083] DBG:   PCSC_data: 00 A4 00 0C 02 3F 00
2017-07-07 17:05:33 scdaemon[7083] pcsc_transmit failed: not transacted (0x80100016)
2017-07-07 17:05:33 scdaemon[7083] apdu_send_simple(0) failed: general error
2017-07-07 17:05:33 scdaemon[7083] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2017-07-07 17:05:33 scdaemon[7083] DBG:   PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
2017-07-07 17:05:36 scdaemon[7083] pcsc_transmit failed: not transacted (0x80100016)
2017-07-07 17:05:36 scdaemon[7083] apdu_send_simple(0) failed: general error
2017-07-07 17:05:36 scdaemon[7083] can't select application 'openpgp': Not supported
2017-07-07 17:05:36 scdaemon[7083] DBG: enter: apdu_close_reader: slot=0
2017-07-07 17:05:36 scdaemon[7083] DBG: enter: apdu_disconnect: slot=0
2017-07-07 17:05:36 scdaemon[7083] DBG: leave: apdu_disconnect => sw=0x0
2017-07-07 17:05:36 scdaemon[7083] DBG: leave: apdu_close_reader => 0x0 (close_reader)
2017-07-07 17:05:36 scdaemon[7083] DBG: chan_5 -> ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 scdaemon[7083] DBG: chan_5 <- RESTART

and more information from gpg-agent.log

Code:

2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK Pleased to meet you
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- RESET
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION ttyname=/dev/ttys000
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION ttytype=xterm-256color
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION lc-ctype=en_US.UTF-8
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION lc-messages=en_US.UTF-8
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION allow-pinentry-notify
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- SCD GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] new connection to SCdaemon established (reusing)
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 -> GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 <- D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 <- OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- SCD SERIALNO openpgp
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 -> SERIALNO openpgp
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_9 <- ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_8 -> ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_8 <- [eof]
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_9 -> RESTART

Here is my scdaemon.conf that I've already tried some troubleshooting settings from previous forum posts

Code:

pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC
card-timeout 1
disable-ccid
log-file /Users/admin/.gnupg/scdaemon.log.txt
verbose
debug-level guru

gpg version

Code:

gpg --version
gpg (GnuPG) 2.1.21
libgcrypt 1.7.8

pcsctest seems to be able to communicate

Code:

pcsctest 

MUSCLE PC/SC Lite Test Program

Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange 
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID
Enter the reader number          : 1
Waiting for card insertion         
                                 : Command successful.
Testing SCardConnect             : Command successful.
Testing SCardStatus              : Command successful.
Current Reader Name              : Yubico Yubikey 4 OTP+U2F+CCID
Current Reader State             : 0x54
Current Reader Protocol          : 0x1
Current Reader ATR Size          : 18 (0x12)
Current Reader ATR Value         : 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4 
Testing SCardDisconnect          : Command successful.
Testing SCardReleaseContext      : Command successful.
Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange 
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID

Anyone got any ideas?

Author:	crusso [ Mon Jul 17, 2017 1:37 am ]
Post subject:	Re: OS X Sierra 10.12.5 Yubikey gpg issues
I'm having this exact same problem. Any clues so far?

Author:	jcross [ Fri Jul 28, 2017 2:03 am ]
Post subject:	Re: OS X Sierra 10.12.5 Yubikey gpg issues
Same error message when using Yubikey Neo-N on OS X El Capitan 10.11.6 on an early 2014 MBA. I'm using GnuPG from https://gpgtools.org Error went away after a restart.

Yubico Forum https://forum.yubico.com/

OS X Sierra 10.12.5 Yubikey gpg issues https://forum.yubico.com/viewtopic.php?f=35&t=2664	Page 1 of 1

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/