| Yubico Forum https://forum.yubico.com/ |
|
| Neo and GPG applet fails (Card Error) https://forum.yubico.com/viewtopic.php?f=26&t=1140 |
Page 1 of 1 |
| Author: | shiva [ Wed Aug 21, 2013 5:07 pm ] |
| Post subject: | Neo and GPG applet fails (Card Error) |
Hi there, I'm writing because after 3 months of positive testing I'm facing some troubles with YubiKey NEO and GPG Applet. I started testing the applet on a NEO key (version 3.1.0) and everything was working pretty fine. Right afteri decided to start using a new NEO (version 3.1.2) and since the testing showed that the system was reliable, I've generated the certificates for my former email account and uploaded the public part on the keyservers. Right after a couple of weeks of charming work. The smartcard partially decided to stop working. Still able to encrypt emails and files, but any attempt to access to the private key on the device fails with a card error message, following some (hopefully) useful information about the issue: OS: Tested on Mac OS Lion and Mountain Lion shiva$ gpg --card-status Application ID ...: D2760001240102000000000000010000 Version ..........: 2.0 Manufacturer .....: test card Serial number ....: 00000001 Name of cardholder: Francesco Mormile Language prefs ...: en Sex ..............: male URL of public key : [not set] Login data .......: shiva Signature PIN ....: not forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 127 127 127 PIN retry counter : 0 3 3 Signature counter : 7 Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206 created ....: 2013-08-08 15:20:14 Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831 created ....: 2013-08-08 15:20:14 Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7 created ....: 2013-08-08 15:20:14 General key info..: pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxx.xxx> sec> 2048R/6431D206 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/7C17C831 created: 2013-08-08 expires: never card-no: 0000 00000001 Trying to decrypt a file on disk: mh4ckb00k15:Downloads shiva$ gpg test.gpg gpg: encrypted with 2048-bit RSA key, ID 7C17C831, created 2013-08-08 "Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxxx.xxx>" gpg: public key decryption failed: Card error gpg: decryption failed: No secret key Trying the verify command on the smartcard: shiva$ gpg --card-edit Application ID ...: D2760001240102000000000000010000 Version ..........: 2.0 Manufacturer .....: test card Serial number ....: 00000001 Name of cardholder: Francesco Mormile Language prefs ...: en Sex ..............: male URL of public key : [not set] Login data .......: shiva Signature PIN ....: not forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 127 127 127 PIN retry counter : 0 3 3 Signature counter : 7 Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206 created ....: 2013-08-08 15:20:14 Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831 created ....: 2013-08-08 15:20:14 Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7 created ....: 2013-08-08 15:20:14 General key info..: pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxx.xxx> sec> 2048R/6431D206 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/7C17C831 created: 2013-08-08 expires: never card-no: 0000 00000001 gpg/card> verify Application ID ...: D2760001240102000000000000010000 Version ..........: 2.0 Manufacturer .....: test card Serial number ....: 00000001 Name of cardholder: Francesco Mormile Language prefs ...: en Sex ..............: male URL of public key : [not set] Login data .......: shiva Signature PIN ....: not forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 127 127 127 PIN retry counter : 0 3 3 Signature counter : 7 Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206 created ....: 2013-08-08 15:20:14 Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831 created ....: 2013-08-08 15:20:14 Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7 created ....: 2013-08-08 15:20:14 General key info..: pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxx.xxx> sec> 2048R/6431D206 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never card-no: 0000 00000001 ssb> 2048R/7C17C831 created: 2013-08-08 expires: never card-no: 0000 00000001 Any idea? |
|
| Author: | Tom [ Thu Aug 22, 2013 7:17 am ] |
| Post subject: | Re: Neo and GPG applet fails (Card Error) |
Hey Shiva, The pin counter is set on 0 - "zero" You have to use the Admin Pin Unlock command because you have input three times the wrong pin. Let me know if this will fix your issue. The default admin PIN is "12345678" |
|
| Author: | shiva [ Tue Aug 27, 2013 12:31 am ] |
| Post subject: | Re: Neo and GPG applet fails (Card Error) |
Nothing new, during the first set up i changed the default pin and admin pin. Even after the unblock with the reset pin the behaviour is the same. I'm going to finish any reasonable idea about this issue. |
|
| Author: | shiva [ Wed Aug 28, 2013 9:44 am ] |
| Post subject: | Re: Neo and GPG applet fails (Card Error) |
Well, looks like the problem is solved, there's still some weird detail but it's solved. Definitely it was connected with the blocked pin due to three errors in a row. I got the gpg back to life changing the pin with the --change-pin option, trying to unblock the pin or change it through the card-edit option did not work. Since i have some other neo key I'll further investigate on this strange behaviour. Anyway, Tom many thanks for the hint;) |
|
| Author: | westonmyers [ Tue Sep 03, 2013 10:33 am ] |
| Post subject: | Re: Neo and GPG applet fails (Card Error) |
Shiva, Please see my comment in a thread posted right after yours. Regards, Weston |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|