|
I'm running into a few issues which I think are related but I have not been able to make much progress on figure any of them out.
I have a couple of Neo and a Nano4 keys, my intent is to have 3 nearly identical keys for the purpose of using 1 at home always in my primary computer (Nano)
A NEO backup key for recovery purposes kept in the safe in case the 2nd NEO is lost
A NEO primary key on my keychain for use in the office/etc...
My intended use cases for this are:
-Logging into Windows/Mac/Linux with Challenge-Response HMAC-SHA1 configuration (Implemented but I don't remember if the Neo has it)
-Using LastPass for password management (Yubikey OTP) (Implemented in all keys)
-Using U2F functionality of the key for Google/Facebook/etc (Implemented in all keys)
-Using the GPG/PIV functionality to log into ssh sessions and sign (Made progress in Mac/Raspberry Pi but not my laptop)
My laptop is one of the primary use cases since I use it every day and I suspect this is where my problems are.
First issue is that when I don't have a Yubikey plugged in and start Yubikey NEO Manager, there's a report of a phanton/ghost yubikey that doesn't have a serial number, does not support U2F/FIDO and the only enabled mode is OTP. When I change the connection mode, it shows CCID as selectable but trying to toggle that results in an error message about Slot protection. I have used USBDeview on Support's suggestion to remove all devices with Yubikey identifier 1050 but that didn't make a difference. I have gone through a Windows 10 Creator Update and that did not resolve the issue either.
Second issue is using Yubikey command line tools like ykpersonalize:
Some commands work, others don't:
C:\Program Files (x86)\Yubico\ybikey-personalization\bin>ykinfo.exe -s
serial: 530xxx
C:\Program Files (x86)\Yubico\ybikey-personalization\bin>ykinfo.exe -c
Yubikey core error: timeout
However the same sequence on the NANO reports differently
C:\Program Files (x86)\Yubico\ybikey-personalization\bin>ykinfo.exe -c
capabilities: 0c0101ff0xxxxxxxxxxxxxxccccccglcibff
Then while trying to use gpg commands to edit the card on my laptop I get this as the result:
C:\Program Files (x86)\Yubico\ybikey-personalization\bin>gpg --card-status
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
While on a Mac I get this as the result:
gpg --card-status
Application ID ...: D276000124010200000605xxxxxx
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 053xxxx
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
I haven't even gotten to the part of actually moving my keys to the Yubikey yet (I understand I can do it with my Mac but if I'm going to be using the key on my laptop most of the time and it's not working then I will probably not have much success on getting further once I move the keys over with my Mac)
I'd like to figure out how to remove the ghost Yubikey without doing a full format of the laptop (Not an acceptable option)
|
Login
FAQ
Search
