Yubico Forum

Hi,

I'm trying to configure my Yubikey Neo with a GPG key (ultimately for use with SSH). The yubikey shows update and running "gpg --card-status" works just fine. When I follow the steps to generate a new gpg key, it gets all the way until the end and then comes up with the following:

[ ...answering questions prior to this ]
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (26 seconds)
gpg: signatures created so far: 0
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: key generation completed (19 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
You need a Passphrase to protect your secret key.

.+++++
...+++++
gpg: writing new key
gpg: storing key onto card failed: not supported
Key generation failed: not supported

I've disabled SELinux (setenforce 0) in case that was the problem. I've also tried the procedure as root and receive the same error (so it doesn't seem to be permissions based).

Any guidance for other things to investigate / look at would be much appreciated. The guide that I'm following is this one: https://blog.habets.se/2013/02/GPG-and- ... ubikey-NEO

Thanks.

Which version of GPG are you using ?

Version 1.4.19 (on Fedora 21).
Thanks.

$ gpg --version
gpg (GnuPG) 1.4.19
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Just grabbed a friend's Yubikey Neo (which he hasn't done anything with yet) and tried writing a gpg key to it and his work's fine. I'm guessing it's some other setting that I've enabled (possibly enabling u2f?) which is preventing gpg keys from being written to the device.

I'm sure there's a factory reset procedure for the Yubikey Neo somewhere, so I'll give that a go and will post how I get on. If it's still broken after the factor rest it could be a hardware fault, but I'm think that this is unlikely (and more likely it will just start working).

Ok some version of gpg 2.x do not support genkey command

https://developers.yubico.com/ykneo-ope ... pplet.html

if doesn't work submit warranty replacement to yubi.co/support

Hi Tom,

Good news. I've managed to get it working by running ykpersonalizatoin -m6 (I think that was it). Previously I'd been using -m82, as per all the instructions that I had read, but this change seems to have done the trick. I haven't looked in to exactly what these changes mean yet (I took the, just keep changing stuff and hope that it works approach to troubleshooting) but at least I know that my Yubikey is fine and it's likely some combination of configuration that I've applied that's causing the issue.

Thank you very much for your help.