Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:39 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Mon Dec 21, 2015 1:11 am 
Offline

Joined: Mon Dec 21, 2015 12:40 am
Posts: 2
Hello,

I'm new to the matter of Yubikeys, and I'll start by saying that I found it very frustrating to find my way through documentation and set up, My goal is to use the key for two prime purposes, U2F with online services and using with gpg as described herer :https://developers.yubico.com/PGP/Importing_keys.html
I'm on windows 8.1, with GPG4win 2.3.0 (GPG 2.0.29). I have tried the route described in the tutorial linked above, and by exporting generated keys to file and use the import function on the PIV software.
gpg2 - keytocard fails with
Code:
gpg: error writing key to card: Bad PIN
after promting me with the passphrase entry of the gpg key.
I tried several time to reset the card -
Code:
yubico-piv-tool
, it always fails. As I read somewhere the GnuPG Smarcard daemon is a bit flakey, so in between each try I remove the Yubikey and kill the GnuPG Daemon.
I could manage to generate keys on the Card using the PIV tool, but copying my existing keys always fails. I at a loss how to proceed, there's an abundance of help available on the net for the NEO, but for the 4 it's looking sparse.
Any help or hints are much appreciated!

Wolfgang


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Jan 11, 2016 8:47 pm 
Offline

Joined: Mon Mar 02, 2015 9:39 pm
Posts: 27
The card has two (actually more than two, but only these two matter here) applets:
    * OpenPGP applet
    * PIV applet

yubico-piv-tool works with the PIV applet. Whatever keys you generate with it, are not usable and have no relation with the keys that OpenPGP applet has access to.

It is unclear whether you changed your PIN for both PIV and OpenPGP applets.

Also, I don't know how to access OpenPGP applet from a Windows box. But usually only one (OpenPGP or PIV) can be accessed - and if an application grabs one applet, other applications on your OS wouldn't be able to access the other until this "grabbing" application exits and releases the token.

Hope this helps, and hope somebody else corrects/expands the above to make it more useful.


Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 31, 2016 11:47 pm 
Offline

Joined: Mon Dec 21, 2015 12:40 am
Posts: 2
Uriel,

Sorry, It's been a while, Thank you clearing that up, the PIV and OpenPGP app are different! And for some reason GPG2 on win8.1 won't write to the key.

How can I then copy my keys to the Yubikey 4? The UEFI isn't supported with the USB Live images for Debian and attempts to access the Yubikey from a Virtualbox Debian have failed.

Sometimes it's the small stuff that makes me stumble.

regards,
Wolfgang


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 01, 2016 6:08 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
What do you mean it "won't write" to the YubiKey 4 on Windows 8.1? Works fine for me. Do you have any logs to support this? Instructions for generating and/or importing keys to the YubiKey can be found here - https://developers.yubico.com/PGP/Importing_keys.html (ignore the Prerequisites section!).

Regarding Debian, you may want to look at this post to get an idea - viewtopic.php?t=2254&p=8461 - it's covering Linux Mint but the issue is probably similar, i.e. needing patch libccid and/or add the udev rules.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 22, 2016 11:12 am 
Offline

Joined: Sun Nov 15, 2015 11:47 pm
Posts: 36
Also, you need to figure out what software (maybe GPG4Win???) would talk to Yubikey's OpenPGP applet. Once you get that, and after you straighten out your OpenPGP PIN issue, you can generate or import PGP keys.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group