Yubico Forum https://forum.yubico.com/ |
Can't setup NEO to use SSH/GPG https://forum.yubico.com/viewtopic.php?f=26&t=1967 |
Author: | smalldoorman [ Mon Jul 20, 2015 12:22 am ] |
Post subject: | Can't setup NEO to use SSH/GPG |
I'm in a bind and could use some help. I'm on a Mac Pro using a Yubikey NEO. I was hoping to use the NEO as my 2 factor Auth and SSH Key. I followed a bunch of online documents on how to get this going and nothing has worked. I decided to try and start from scratch, but when it comes to generating a new Key I'm hitting errors. All guidance would be appreciated.

Environment:

Quote:
gpg --version 2
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

What I'm trying to do:

Quote:
nema.darban ~ gpg --card-edit

gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID'
Application ID ...: D2760001240102000006036335900000
Version ..........: 2.0
Manufacturer .....: unknown
Serial number ....: 03633590
Name of cardholder: Nema Darban
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: E1C4 7B95 42D2 84DC F37F C5B7 2DD9 A6FC 64C9 9ABE
      created ....: 2015-07-19 23:14:53
Encryption key....: [none]
Authentication key: ACAB 53B7 7C2D 917F 305E C062 7365 F926 ECFE 1364
      created ....: 2015-07-19 23:14:53
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) y

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
gpg: gpg-agent is not available in this session

Please enter the PIN
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2y
Key expires at Tue Jul 18 16:16:12 2017 PDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Nema Darban
Email address:
Comment:
You selected this USER-ID:
"Nema Darban"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN
gpg: please wait while key is being generated ...
gpg: key generation completed (18 seconds)
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (5 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
You need a Passphrase to protect your secret key.

+++++
.....+++++
gpg: writing new key
gpg: storing key onto card failed: not supported
Key generation failed: not supported

gpg/card>

Neither myself nor my coworker have been able to set up these NEOs so that we can hold our SSH keys on them and validate against them. I've only been able to use it to Authenticate against my Gmail account and LastPass.

Cheers! |
Author: | zviratko [ Wed Aug 19, 2015 10:32 am ] |
Post subject: | Re: Can't setup NEO to use SSH/GPG |
Do you use gpgtools.org packages? If not, then you probably should. Install, reboot, all should work.

I also suggest you reset the applet before trying again: https://developers.yubico.com/ykneo-ope ... pplet.html

P.S. If you have PIV tokend (or OpenSC tokend) installed then it will not work (randomly) because tokend locks the card completely. You need to disable tokend if you want to use openpgp. |
All times are UTC + 1 hour |