| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] - gpg: selecting openpgp failed: Card error https://forum.yubico.com/viewtopic.php?f=35&t=2388 |
Page 1 of 1 |
| Author: | jrotello [ Thu Aug 04, 2016 11:08 pm ] |
| Post subject: | [QUESTION] - gpg: selecting openpgp failed: Card error |
I'm having an issue on one of my Windows 10 (64-bit) machines when I attempt to read the PGP keys from the card. My second Win 10 machine works w/o issue. I get the following error: Code: λ gpg --card-status gpg: selecting openpgp failed: Card error gpg: OpenPGP card not available: Card error This is the log generated for scdaemon. Code: 2016-08-04 16:44:01 scdaemon[3628] listening on socket `C:\Users\Jason\AppData\Roaming\gnupg\S.scdaemon' 2016-08-04 16:44:01 scdaemon[3628] handler for fd -1 started 2016-08-04 16:44:01 scdaemon[3628] detected reader `Yubico Yubikey 4 OTP+U2F+CCID 0' 2016-08-04 16:44:01 scdaemon[3628] reader slot 0: not connected scdaemon[3628]: chan_0x00000238 -> OK GNU Privacy Guard's Smartcard server ready scdaemon[3628]: chan_0x00000238 <- GETINFO socket_name scdaemon[3628]: chan_0x00000238 -> D C:\Users\Jason\AppData\Roaming\gnupg\S.scdaemon scdaemon[3628]: chan_0x00000238 -> OK scdaemon[3628]: chan_0x00000238 <- OPTION event-signal=200 scdaemon[3628]: chan_0x00000238 -> OK scdaemon[3628]: chan_0x00000238 <- SERIALNO openpgp 2016-08-04 16:44:01 scdaemon[3628] pcsc_connect failed: sharing violation (0x8010000b) 2016-08-04 16:44:01 scdaemon[3628] reader slot 0: not connected scdaemon[3628]: chan_0x00000238 -> ERR 100663404 Card error <SCD> scdaemon[3628]: chan_0x00000238 <- RESTART scdaemon[3628]: chan_0x00000238 -> OK 2016-08-04 16:44:01 scdaemon[3628] updating slot 0 status: 0x0000->0x0007 (0->1) 2016-08-04 16:44:01 scdaemon[3628] triggering event 200 (00000200) for client -1 I've tried different usb ports, and number of suggests from other forums posts that seemed related. This machine has read the card about 2 times out of hundreds of tries. All other Yubikey functions (OTP, static password, TOTP in particular) are working without issue on this problem machine as well. I'm looking for further ideas on how I can possibly identify the cause of this on this single machine. Thanks! -j |
|
| Author: | ChrisHalos [ Fri Aug 05, 2016 12:33 am ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
The error is a sharing violation, so something else is accessing the card. Have you tried ending gpg-agent and scdaemon? (Task Manager > More Details - Items are listed under "Background Processes" under GnuPG) Perhaps there is an internal smart card reader on this computer and gpg is getting confused? (check Device Manager under "smart card readers") |
|
| Author: | jrotello [ Fri Aug 05, 2016 3:50 am ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
Yeah, I've killed gpg-agent and scdaemon countless times. I don't believe this machine has another smart card reader (I certainly don't see one). Device manager doesn't show any other smart card readers either. -j |
|
| Author: | jrotello [ Mon Aug 15, 2016 8:05 pm ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
I've noticed that the "Identity Device (NIST SP 800-73 [PIV])" smart card is not showing up in device manager on the problem machine. The "Microsoft Usbccid Smartcard Reader (WUDF)" device IS found and showing up in device manager. I am at a loss as to how to continue to troubleshoot this issue. Are there tools I can use to help identify the sharing violation? |
|
| Author: | mouse008 [ Sun Aug 21, 2016 4:39 am ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
I've no idea if the following would or would not help. But YubiKey (NEO and 4) does not come from the factory fully initialized in PIV mode. In order for it to be recognized as PIV, two data objects must be created: CHUID and CCC. You can do it with Code: yubico-piv-tool -a set-ccc -a set-chuid
|
|
| Author: | ChrisHalos [ Mon Aug 22, 2016 4:59 pm ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
Changes to the PIV applet won't affect the OpenPGP applet, and I haven't seen anything indicating that a CCC needs to be set for MS Windows anyway (we don't need to do this for domain login with slot 9a, for example). |
|
| Author: | jrotello [ Sat Aug 27, 2016 2:32 am ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
Definitely don't need those commands. It works on one machine, but not the other. It has to be something specific to that machine. I'm just at a loss on how to continue troubleshooting it. -j |
|
| Author: | jcross [ Wed May 03, 2017 9:22 pm ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
Any luck fixing this? |
|
| Author: | jrotello [ Mon Jul 24, 2017 7:50 pm ] |
| Post subject: | Re: [QUESTION] - gpg: selecting openpgp failed: Card error |
@jcross - Unfortunately not. I have since upgraded the problem laptop, but the new one is having the same issue. The Yubikey is recognized just fine, but something is preventing gpg from accessing it exclusively. I suspect it to be my VPN software or the Symantec PKI software installed on these machines, but I have tried disabling everything I could find relating to them. I'm just not sure what else I can do to diagnose the issue. I have a Surface Pro 4 that work fine with it, but both my old and new dell laptops are having nothing to do with it. It's unfortunate because I really want to use it, but I need it on all my machines, not just one. Please respond to this thread if you get anywhere with it and I will do the same. -j |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|