Yubico Forum

Posted: Wed Aug 21, 2013 5:07 pm
Hi there, I'm writing because after 3 months of positive testing I'm facing some trouble with the YubiKey NEO and the GPG applet. I started testing the applet on a NEO key (version 3.1.0) and everything was working pretty well. Right after, I decided to start using a new NEO (version 3.1.2), and since the testing showed that the system was reliable, I generated the certificates for my former email account and uploaded the public part to the keyservers. Right after a couple of weeks of charming work, the smartcard partially decided to stop working. I'm still able to encrypt emails and files, but any attempt to access the private key on the device fails with a card error message. Some (hopefully) useful information about the issue follows:

OS: Tested on Mac OS Lion and Mountain Lion

shiva$ gpg --card-status

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: Francesco Mormile
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: shiva
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 7
Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206
created ....: 2013-08-08 15:20:14
Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831
created ....: 2013-08-08 15:20:14
Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7
created ....: 2013-08-08 15:20:14
General key info..: pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxx.xxx>
sec> 2048R/6431D206 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/7C17C831 created: 2013-08-08 expires: never
card-no: 0000 00000001




Trying to decrypt a file on disk:

mh4ckb00k15:Downloads shiva$ gpg test.gpg
gpg: encrypted with 2048-bit RSA key, ID 7C17C831, created 2013-08-08
"Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxxx.xxx>"
gpg: public key decryption failed: Card error
gpg: decryption failed: No secret key




Trying the verify command on the smartcard:

shiva$ gpg --card-edit

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: Francesco Mormile
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: shiva
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 7
Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206
created ....: 2013-08-08 15:20:14
Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831
created ....: 2013-08-08 15:20:14
Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7
created ....: 2013-08-08 15:20:14
General key info..:
pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxx.xxx>
sec> 2048R/6431D206 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/7C17C831 created: 2013-08-08 expires: never
card-no: 0000 00000001

gpg/card> verify

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: Francesco Mormile
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: shiva
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 7
Signature key ....: 7DDD 3158 1887 4C0D 6785 BC53 09EB EF3E 6431 D206
created ....: 2013-08-08 15:20:14
Encryption key....: 411A 0288 6B42 5ED3 1B2D 72C5 A696 D98B 7C17 C831
created ....: 2013-08-08 15:20:14
Authentication key: 047C 3E04 56E1 377B CB98 31F5 7CE5 8868 20E5 B4C7
created ....: 2013-08-08 15:20:14
General key info..:
pub 2048R/6431D206 2013-08-08 Francesco Mormile (shiva) <francesco.mormile@xxxxxxxxxxxx.xxx>
sec> 2048R/6431D206 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/20E5B4C7 created: 2013-08-08 expires: never
card-no: 0000 00000001
ssb> 2048R/7C17C831 created: 2013-08-08 expires: never
card-no: 0000 00000001

Any idea?



Posted: Thu Aug 22, 2013 7:17 am
Site Admin
Hey Shiva,

The PIN counter is set to 0 ("zero").

You have to use the Admin PIN unlock command because you have entered the wrong PIN three times.

Let me know if this will fix your issue. The default admin PIN is "12345678"

_________________
-Tom
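
Reading the retry counter that the reply above points at, as an added example that is not part of the original thread. The function name `pin_retry_state`, its output format and its exit codes are assumptions made here, and the sample lines are constructed to match the shape of the output in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): read the "PIN retry counter" line of
# `gpg --card-status`. Field order: user PIN, Reset Code, Admin PIN.

# Constructed sample: three lines shaped like the output in the first post.
sample_status() {
    cat <<'EOF'
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 7
EOF
}

# Reads card-status text on stdin; prints "<name> <tries_left> <state>" per
# counter. Exit 0: user and Admin PIN usable, 1: one of them is blocked,
# 2: counter line missing or malformed.
pin_retry_state() {
    awk -F: '
        /^PIN retry counter/ {
            found = 1
            if (split($2, c, " ") != 3) { bad = 1; exit }
            for (i = 1; i <= 3; i++)
                if (c[i] !~ /^[0-9]+$/) { bad = 1; exit }
            split("user_pin reset_code admin_pin", name, " ")
            for (i = 1; i <= 3; i++) {
                state = "ok"
                if (c[i] + 0 == 0) {
                    # A Reset Code counter of 0 also appears when no Reset
                    # Code was ever set, so it is not counted as a lockout.
                    state = (i == 2) ? "unavailable" : "blocked"
                    if (i != 2) blocked = 1
                }
                printf "%s %d %s\n", name[i], c[i], state
            }
            exit
        }
        END { if (!found || bad) exit 2; exit (blocked ? 1 : 0) }
    '
}

# Demo on the sample; on a real system: gpg --card-status | pin_retry_state
sample_status | pin_retry_state || echo "pin_retry_state exit status: $?"
```
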


Posted: Tue Aug 27, 2013 12:31 am
Nothing new. During the first setup I changed the default PIN and admin PIN. Even after the unblock with the reset PIN the behaviour is the same. I'm running out of reasonable ideas about this issue.


Posted: Wed Aug 28, 2013 9:44 am
Well, it looks like the problem is solved. There's still some weird detail, but it's solved. It was definitely connected with the PIN being blocked due to three errors in a row. I got gpg back to life by changing the PIN with the --change-pin option; trying to unblock the PIN or change it through the card-edit option did not work. Since I have some other NEO keys, I'll investigate this strange behaviour further. Anyway, Tom, many thanks for the hint ;)


Posted: Tue Sep 03, 2013 10:33 am
Shiva,

Please see my comment in a thread posted right after yours.

Regards,
Weston

