Yubico Forum


All times are UTC + 1 hour




Posted: Wed Feb 17, 2016 12:22 pm
I'm not able to set the Yubikey 4 Touch feature for my PGP sig keys. I run yubitouch.sh like this:

yubitouch.sh sig on

and after entering my Admin PIN I get this output:

"Verification failed, wrong pin?"

When the script runs this command

$GCA --hex "scd apdu 00 20 00 83 $PIN_LEN $PIN" /bye

it gets this as output:

Code:
D[0000]  67 00                                              g.             
OK

Because it doesn't find "90 00" the script then dies.

However, I don't think the PIN is wrong because the Admin PIN attempts counter isn't decremented. If I really put the wrong PIN then the counter is decremented and I get the following response:

Code:
D[0000]  69 82                                              i.             
OK



Posted: Thu Feb 18, 2016 10:16 am
Yubico Moderator
The script was meant to be a temporary solution, pending a proper one. It should support all kinds of PINs, but it's really intended to be run with simple ones. Preferably you want to use it with the default Admin PIN, before you personalize anything, in order to prevent any security issue.

That being said...
Any chance that you have special characters in your Admin PIN? Something like non-alphanumeric ones.

Alternatively, try to change the Admin PIN back to the default (12345678) or something similar (at least 8 characters) and run the script again.

Yet another idea is to print the $PIN variable from within the script and try to see if there is something wrong with that. I guess that would be the most useful thing.
*** BUT BE CAREFUL, THAT VALUE IS THE HEX ENCODING OF YOUR ADMIN PIN. SO POST IT ONLY IF YOU UNDERSTAND THE CONSEQUENCES. ***


Posted: Thu Feb 18, 2016 10:55 am
Alessio wrote:
Any chance that you have special characters in your Admin PIN? Something like non-alphanumeric ones.

Alternatively, try to change the Admin PIN back to the default (12345678) or something similar (at least 8 characters) and run the script again.


Yes, that was it, thank you - my Admin "PIN" is actually a passphrase with non-alphanumeric characters. I temporarily changed it to a numeric string and now I have the feature working.

Many thanks,
Chris


Posted: Thu Feb 18, 2016 11:06 am
Yubico Moderator
Great.

For the record, in case somebody stumbles upon this in the future, it's a good idea to do what you did (having a complex Admin PIN). Just use the script before doing any personalization.

And hopefully we'll come up with a proper tool sooner rather than later (although, in my opinion, the above advice stands, no matter which tool you're using).


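An added example, not part of the original thread or of yubitouch.sh: POSIX shell that builds the VERIFY command quoted in the first post (`00 20 00 83`) with the length byte counted in bytes, and classifies the status words seen in this thread. The function names are hypothetical, the meanings given for `67 00` and `69 82` are the ISO 7816-4 ones, and the thread does not say which step of the script mishandles special characters.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from yubitouch.sh.

# Print "LL HH HH ..." for a PIN: LL is the byte count (Lc) in hex, followed
# by the PIN bytes in hex. Counting bytes of the encoded data, not characters,
# keeps Lc consistent with the data field for passphrases with multi-byte
# or non-alphanumeric characters.
pin_to_lc_data() {
    hex=$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')
    nbytes=$(( ${#hex} / 2 ))
    [ "$nbytes" -le 255 ] || return 1      # short APDU: Lc is one byte
    printf '%02x%s\n' "$nbytes" "$(printf '%s' "$hex" | sed 's/../ &/g')"
}

# Build the argument passed to gpg-connect-agent for VERIFY with P2=83
# (Admin PIN). The result embeds the PIN in hex, so treat it as a secret.
verify_admin_apdu() {
    lc_data=$(pin_to_lc_data "$1") || return 1
    printf 'scd apdu 00 20 00 83 %s\n' "$lc_data"
}

# Classify a "gpg-connect-agent --hex" reply line such as "D[0000]  67 00  g.".
# Assumes the reply carries only the two status-word bytes, as VERIFY does.
classify_sw() {
    sw=$(printf '%s\n' "$1" | awk '/^D\[/ { print $2 $3; exit }')
    case "$sw" in
        9000) echo "ok" ;;
        # Malformed command: per the thread, the retry counter is untouched.
        6700) echo "wrong-length" ;;
        # PIN compared and rejected: per the thread, the counter decrements.
        6982) echo "security-status-not-satisfied" ;;
        *)    echo "unknown:$sw" ;;
    esac
}

# Constructed demo: the default Admin PIN and the two replies from the thread.
verify_admin_apdu 12345678
classify_sw 'D[0000]  67 00   g.'
classify_sw 'D[0000]  69 82   i.'
```

Distinguishing `67 00` from `69 82` before giving up tells you whether a retry consumed one of the Admin PIN attempts or never reached the comparison.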