Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:08 am

View unanswered posts | View active topics


Board index » Yubikey » YubiKey 4

All times are UTC + 1 hour




Post new topic Reply to topic  Page 1 of 1
  [ 10 posts ] 
  Print view Previous topic | Next topic 
Author Message
ddrbt
PostPosted: Wed Feb 08, 2017 2:44 am 
Offline

Joined: Wed Feb 08, 2017 2:20 am
Posts: 4
I'm trying to export pgp keys to my yubikey but
Code:
gpg2 --card-status
gives me this:

Code:
gpg: selecting openpgp failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device


I have tried to reset my card using the instructions
here: https://developers.yubico.com/ykneo-openpgp/ResetApplet.html
and here: https://forum.yubico.com/viewtopic.php?f=35&t=2193&p=8245&hilit=openpgp+applet+reset to no avail.

Attempting to run this:

Code:
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo Card has been successfully reset.


Gives me this:

Code:
ERR 100696144 Operation not supported by device <SCD>
gpg-connect-agent: stopping script execution


Any suggestions?
Top
 Profile  
Reply with quote  

Share On:
Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

ChrisHalos
PostPosted: Wed Feb 08, 2017 3:22 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
First I would recommend checking the firmware version (you can do this through YubiKey Personalization Tool)
Top
 Profile  
Reply with quote  
ddrbt
PostPosted: Wed Feb 08, 2017 4:17 am 
Offline

Joined: Wed Feb 08, 2017 2:20 am
Posts: 4
Thanks for your speedy reply!

Code:
$ ykpersonalize -V
Firmware version 4.2.8 Touch level 775 Program sequence 3
1.17.3
Top
 Profile  
Reply with quote  
ChrisHalos
PostPosted: Wed Feb 08, 2017 9:54 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
First try the activate command again, as this is the part that most frequently doesn't take (scd apdu 00 44 00 00). if that doesn't work enable debug and post as much info as you can generated when running the reset script.

Also, what is the Operating System and the gpg version? Have you tried killing the gpg-agent/scdaemon processes before attempting to run any more commands (or a full restart)?
Top
 Profile  
Reply with quote  
ddrbt
PostPosted: Sun Feb 12, 2017 8:51 am 
Offline

Joined: Wed Feb 08, 2017 2:20 am
Posts: 4
I'm running macOS Sierra 10.12.3.
gpg2 --version gives me this:

Code:
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6
.

I have rebooted my machine as well as killing scdaemon and gpg-agent between attempts.

This is what I get:

Code:
gpg-connect-agent --verbose --hex scd apdu 00 44 00 00
OK
ERR 67109139 Unknown IPC command <GPG Agent>
ERR 67109139 Unknown IPC command <GPG Agent>
ERR 67109139 Unknown IPC command <GPG Agent>
ERR 67109139 Unknown IPC command <GPG Agent>
ERR 67109139 Unknown IPC command <GPG Agent>
>
Top
 Profile  
Reply with quote  
trouble
PostPosted: Tue Feb 14, 2017 12:45 pm 
Offline

Joined: Tue Feb 14, 2017 12:39 pm
Posts: 3
I discovered this morning that the binary ("bottled") GnuPG 2.1.8 version in homebrew no longer likes Yubikeys. I haven't had a chance to debug, but building building gnupg21 without libusb appears to fix the problem:

Code:
brew reinstall gnupg21 --without-libusb


You may also need this in your $HOME/.gnupg/scdaemon.conf:

Code:
pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC


GnuPG 2.1.6 "just worked".

With any luck, this reply will encourage someone else to beat me to debugging the problem. ;-)
Top
 Profile  
Reply with quote  
trouble
PostPosted: Tue Feb 14, 2017 1:01 pm 
Offline

Joined: Tue Feb 14, 2017 12:39 pm
Posts: 3
Found in another thread: if you add ``disable-ccid`` to your $HOME/.gnupg/scdaemon.conf and restart any agents and daemons (``gpgconf --kill gpg-agent && gpgconf --launch gpg-agent``), it may magically start working for you.
Top
 Profile  
Reply with quote  
ddrbt
PostPosted: Fri Feb 17, 2017 1:41 am 
Offline

Joined: Wed Feb 08, 2017 2:20 am
Posts: 4
Thank you, trouble! rebuilding with `--without-libusb` appears to have fixed the problem for me.
Top
 Profile  
Reply with quote  
jcross
PostPosted: Fri Oct 13, 2017 1:23 pm 
Offline

Joined: Sun Oct 18, 2015 4:12 pm
Posts: 8
After trying hundreds of different things (including items above), this worked for me:

Add
Code:
shared-access

To this file:
Code:
~/.gnupg/scdaemon.conf


You may need to then kill all processes (not necessary in my case):

Code:
killall gpg-agent; killall scdaemon; killall gpg; killall dirmngr; gpgconf --kill all

And / or insert / remove the Yubikey.
Top
 Profile  
Reply with quote  
ChrisHalos
PostPosted: Sat Oct 14, 2017 6:09 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Try YubiKey Manager. It typically works when all other options fail:

https://developers.yubico.com/yubikey-m ... /Releases/

(1) install
(2) open Terminal/Command Prompt
(3) cd to the YubiKey Manager folder (Windows example: cd c:\Program Files (x86)\Yubico\YubiKey Manager)
(4) ykman openpgp reset
(5) y / enter to confirm reset
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 10 posts ] 

Board index » Yubikey » YubiKey 4

All times are UTC + 1 hour


Who is online

Users browsing this forum: Google [Bot] and 4 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group