Yubico Forum https://forum.yubico.com/

[SOLVED] Problems generating keys for YK-KSM https://forum.yubico.com/viewtopic.php?f=5&t=2605

Author: drcheese [ Sun Mar 19, 2017 6:03 am ]
Post subject: [SOLVED] Problems generating keys for YK-KSM

So I have a gpg key generated per the tutorial here: https://developers.yubico.com/yubikey-ksm/Generate_KSM_Key.html

However, gpg does not request my passphrase when I try to generate KSM keys via:

Code:
ykksm-gen-keys --urandom 1 5 | gpg -a --encrypt -r XXXXXXXX -s > keys.txt

The output ends as follows:

Code:
gpg: cancelled by user
gpg: no default secret key: Operation cancelled
gpg: [stdin]: sign+encrypt failed: Operation cancelled

I found a possible workaround by using the following:

Code:
gpg -r XXXXXXXX --output keys.txt.gpg --encrypt keys.txt

But then the importer gives me a similar error, expecting a passphrase to unlock the secret key, and it never prompts for one:

Code:
[GNUPG:] ENC_TO XXXXXXXXXXXXXXXX 1 0
[GNUPG:] USERID_HINT XXXXXXXXXXXXXXXX YK-KSM Import Key
[GNUPG:] NEED_PASSPHRASE XXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYYY 1 0
gpg: cancelled by user
[GNUPG:] MISSING_PASSPHRASE
gpg: encrypted with 2048-bit RSA key, ID ZZZZZZZZZ, created 2017-03-19
      "YK-KSM Import Key"
gpg: public key decryption failed: Operation cancelled
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: No secret key
[GNUPG:] END_DECRYPTION
encrypted to: XXXXXXXXXXXXXXXX
signed by:
Input not signed? at /usr/bin/ykksm-import line 122.

I realize this may be a specific issue with gpg2 configuration in CentOS 7, but thought someone else may have run into this issue too. Any help is greatly appreciated.

Author: drcheese [ Sun Mar 19, 2017 6:16 am ]
Post subject: Re: Problems generating keys for YK-KSM

Okay, so that was quick. I have half of my solution. Basically the gpg2 does not allow forcing entry of the passphrase all the time so you have to cache it somehow. I did this by creating a dummy file called test.txt and creating a signature for it via the command:

Code:
gpg --clearsign test.txt

That caused the passphrase prompt:

Code:
┌──────────────────────────────────────────────────────────────────────┐
│ Please enter the passphrase to unlock the secret key for the OpenPGP │
│ certificate:                                                         │
│ "YK-KSM Import Key"                                                  │
│ 2048-bit RSA key, ID XXXXXXXX,                                       │
│ created 2017-03-19.                                                  │
│                                                                      │
│                                                                      │
│ Passphrase __________________________________________________________│
│                                                                      │
│     <OK>                                            <Cancel>         │
└──────────────────────────────────────────────────────────────────────┘

However this did not fix the importer issue where it did not prompt for the passphrase a second time. Any help on this? I can't seem to get around this issue.

Author: drcheese [ Sun Mar 19, 2017 6:43 am ]
Post subject: Re: Problems generating keys for YK-KSM

Solved... Create ~/.gnupg/gpg-agent.conf and add this one line:

Code:
max-cache-ttl 0
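
The importer output in the first post ends with "No secret key" even though its status lines show NEED_PASSPHRASE followed by MISSING_PASSPHRASE. As an added example (not from the thread and not part of ykksm-import), this Python snippet classifies such a failure from the `[GNUPG:]` status lines instead of the message text; the function names and result labels are assumptions made here.

```python
# Added example. SAMPLE holds status and "gpg:" lines from the importer
# output in the first post, with the poster's placeholder key IDs unchanged.
SAMPLE = """\
[GNUPG:] ENC_TO XXXXXXXXXXXXXXXX 1 0
[GNUPG:] USERID_HINT XXXXXXXXXXXXXXXX YK-KSM Import Key
[GNUPG:] NEED_PASSPHRASE XXXXXXXXXXXXXXXX YYYYYYYYYYYYYYYYYYY 1 0
gpg: cancelled by user
[GNUPG:] MISSING_PASSPHRASE
gpg: public key decryption failed: Operation cancelled
[GNUPG:] ERROR pkdecrypt_failed 99
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_FAILED
gpg: decryption failed: No secret key
[GNUPG:] END_DECRYPTION
"""

PREFIX = "[GNUPG:] "
GPG_ERR_CANCELED = 99  # libgpg-error code for "Operation cancelled"

def parse_status(text):
    """Return (keyword, args) for each status line; plain 'gpg:' lines are skipped."""
    events = []
    for line in text.splitlines():
        if line.startswith(PREFIX) and line[len(PREFIX):].strip():
            keyword, *args = line[len(PREFIX):].split()
            events.append((keyword, args))
    return events

def diagnose(text):
    """Classify a failed decryption from the status keywords, not the message text."""
    events = parse_status(text)
    seen = {keyword for keyword, _ in events}
    # ERROR <location> <code>: the error code is the low 16 bits of the number.
    cancelled = any(
        keyword == "ERROR" and len(args) >= 2 and args[1].isdigit()
        and int(args[1]) & 0xFFFF == GPG_ERR_CANCELED
        for keyword, args in events
    )
    if "DECRYPTION_OKAY" in seen:
        return "ok"
    if "NO_SECKEY" in seen:
        return "secret_key_missing"
    if "NEED_PASSPHRASE" in seen and ("MISSING_PASSPHRASE" in seen or cancelled):
        return "passphrase_not_supplied"
    if "BAD_PASSPHRASE" in seen:
        return "wrong_passphrase"
    return "decryption_failed" if "DECRYPTION_FAILED" in seen else "unknown"
```

For the sample above, `diagnose(SAMPLE)` returns `passphrase_not_supplied`: the secret key was found, but no passphrase reached gpg.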

All times are UTC + 1 hour