Yubico Forum https://forum.yubico.com/ |
|
yubitouch.sh not working on OS X El Capitan https://forum.yubico.com/viewtopic.php?f=35&t=2227 |
Page 1 of 1 |
Author: | chrisamin [ Wed Feb 17, 2016 12:22 pm ] |
Post subject: | yubitouch.sh not working on OS X El Capitan |
I'm not able to set the Yubikey 4 Touch feature for my PGP sig keys. I run yubitouch.sh like this: yubitouch.sh sig on and after entering my Admin PIN I get this output: "Verification failed, wrong pin?" When the script runs this command $GCA --hex "scd apdu 00 20 00 83 $PIN_LEN $PIN" /bye it gets this as output: Code: D[0000] 67 00 g. OK Because it doesn't find "90 00" the script then dies. However, I don't think the PIN is wrong because the Admin PIN attempts counters isn't decremented. If I really put the wrong PIN then the counter is decremented and I get the following response: Code: D[0000] 69 82 i.
OK |
Author: | Alessio [ Thu Feb 18, 2016 10:16 am ] |
Post subject: | Re: yubitouch.sh not working on OS X El Capitan |
The script was meant to be a temporary solution, pending a proper one. It should support all kind of PINs, but it's really intended to be run with simple ones. Preferably you want to use it with the default Admin PIN, before you personalize anything in order to prevent any security issue. That being said... Any chance that you have special characters in your Admin PIN? Something like non-alphanumeric ones. Alternatively, try to change the Admin PIN back to the default (12345678) or something similar (at least 8 characters) and run the script again. Yet another idea is to print you the $PIN variable from within the script and try to see if there is something wrong whit that. I guess that would be the most useful thing. *** BUT BE CAREFUL, THAT VALUE IT IS THE HEX ENCODING OF YOUR ADMIN PIN. SO POST IT ONLY IF YOU UNDERSTAND THE CONSEQUENCES. *** |
Author: | chrisamin [ Thu Feb 18, 2016 10:55 am ] |
Post subject: | Re: yubitouch.sh not working on OS X El Capitan |
Alessio wrote: Any chance that you have special characters in your Admin PIN? Something like non-alphanumeric ones. Alternatively, try to change the Admin PIN back to the default (12345678) or something similar (at least 8 characters) and run the script again. Yes, that was it, thank you - my Admin "PIN" is actually a passphrase with non-alphanumeric characters. I temporarily changed it to a numeric string and now I have the feature working. Many thanks, Chris |
Author: | Alessio [ Thu Feb 18, 2016 11:06 am ] |
Post subject: | Re: yubitouch.sh not working on OS X El Capitan |
Great. For the records in case somebody will stumble upon this in the future, it's a good idea to do what you did (having a complex Admin PIN). Just use the script before doing any personalization. And hopefully we'll come up with a proper tool sooner rather than later (although, in my opinion, the above advice stands. No matter which tool you're using). |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |