Yubico Forum

Posted: Sun May 05, 2013 4:20 am
Joined: Sun May 05, 2013 4:13 am
Posts: 3
I appear to be unable to either reset the user PIN or regenerate the GPG key without entering it.

I'd love to be able to reset this NEO to "factory". I do know (and did enter) the correct *admin* PIN.

Code:
$ gpg --version
gpg (GnuPG) 2.0.19
libgcrypt 1.5.0
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ gpg --card-edit

scdaemon[20583]: updating slot 0 status: 0x0000->0x0007 (0->1)
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 2 3
Signature counter : 5
Signature key ....: 4FE2 94B5 4F09 D6F9 DA2F  42B5 6CA8 5536 A7C3 08D6
      created ....: 2013-02-10 19:46:03
Encryption key....: CA53 7394 CB9C 08F9 AA09  23AD 0985 71BC BC97 27BA
      created ....: 2013-02-10 19:46:03
Authentication key: 94B5 51E6 D68B 8D83 BAC7  A735 A63C B5C9 B28A ABBB
      created ....: 2013-02-10 19:46:03
General key info..:
pub  2048R/A7C308D6 2013-02-10 ********* (Hardware Token) <***@**.***>
sec>  2048R/A7C308D6  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001
ssb>  2048R/B28AABBB  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001
ssb>  2048R/BC9727BA  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001

gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. D2760001240102000000000000010000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 2
scdaemon[20583]: 3 Admin PIN attempts remaining before card is permanently locked
scdaemon[20583]: DBG: asking for PIN '|A|Please enter the Admin PIN'
scdaemon[20583]: DBG: asking for PIN '|N|New PIN'
PIN unblocked and new PIN set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? Q

gpg/card> verify
scdaemon[20583]: DBG: asking for PIN '||Please enter the PIN'
scdaemon[20583]: verify CHV2 failed: Card error
scdaemon[20583]: app_check_pin failed: Card error

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 2 3
Signature counter : 5
Signature key ....: 4FE2 94B5 4F09 D6F9 DA2F  42B5 6CA8 5536 A7C3 08D6
      created ....: 2013-02-10 19:46:03
Encryption key....: CA53 7394 CB9C 08F9 AA09  23AD 0985 71BC BC97 27BA
      created ....: 2013-02-10 19:46:03
Authentication key: 94B5 51E6 D68B 8D83 BAC7  A735 A63C B5C9 B28A ABBB
      created ....: 2013-02-10 19:46:03
General key info..:
pub  2048R/A7C308D6 2013-02-10 ********* (Hardware Token) <***@**.***>
sec>  2048R/A7C308D6  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001
ssb>  2048R/B28AABBB  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001
ssb>  2048R/BC9727BA  created: 2013-02-10  expires: never     
                      card-no: 0000 00000001

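Added example, not part of the original post: a small shell check that reads the `PIN retry counter` line from card status output and reports whether the user PIN or Admin PIN is blocked. The function names and the embedded sample are constructed for illustration; the three values are assumed to be the remaining tries for the user PIN, Reset Code and Admin PIN, in that order.

```shell
#!/bin/sh
# Added example: interpret the "PIN retry counter" line of the card status.
# Assumed order of the three values: user PIN, Reset Code, Admin PIN.

# Constructed sample: lines copied from the status output in the post above.
sample_status() {
cat <<'EOF'
Signature PIN ....: forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 2 3
Signature counter : 5
EOF
}

# Read card status text on stdin and print "user reset admin".
# Exits non-zero if the line is missing or is not three integers.
pin_counters() {
    awk -F: '
        /^PIN retry counter/ {
            n = split($2, c, " ")
            if (n == 3 && (c[1] c[2] c[3]) ~ /^[0-9]+$/) {
                print c[1], c[2], c[3]
                ok = 1
            }
            exit
        }
        END { exit !ok }'
}

# Classify a "user reset admin" triple. The Admin PIN is checked first:
# scdaemon reports the card as permanently locked once its tries run out.
pin_state() {
    set -- $1                     # word-split into $1=user $2=reset $3=admin
    [ $# -eq 3 ] || { echo "unparsed"; return 2; }
    if   [ "$3" -eq 0 ]; then echo "admin-pin-blocked";  return 1
    elif [ "$1" -eq 0 ]; then echo "user-pin-blocked";   return 1
    elif [ "$3" -eq 1 ]; then echo "admin-pin-last-try"; return 1
    else echo "ok"; return 0
    fi
}

# On a live system: gpg --card-status | pin_counters
counters=$(sample_status | pin_counters) && pin_state "$counters"
```

On the sample the result is `ok`: no PIN is blocked, so the `verify CHV2 failed: Card error` in the session is not explained by an exhausted retry counter.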

Posted: Fri Jun 14, 2013 11:26 pm
Joined: Sun May 05, 2013 4:13 am
Posts: 3
After reading another thread on these forums (at viewtopic.php?f=26&t=1074 ), I was able to reset the PIN.

First, I had to compile a whole stack of software to get gpshell working and connect the Yubikey as an OpenSC reader. This required an *old* version of the OpenSC plugin, before they transitioned from autotools to CMake.

After I had gpshell up, I sent a new version of the GPG applet to the card. The updated GPG applet wiped the PIN and keys, allowing me to recreate them.

After installing the updated applet, I am able to change the PIN with gpg --card-edit without problems.

Long story short, if you have problems changing the user PIN in GPG, it is likely due to an older (but shipped!) version of the GPG applet.


Posted: Sun Jun 16, 2013 1:29 pm
Joined: Fri Mar 01, 2013 4:22 am
Posts: 1
I'm having similar problems. What version of the opensc plugin did you have to roll back to get gpshell working?


Posted: Mon Jun 17, 2013 12:32 am
Joined: Sun May 05, 2013 4:13 am
Posts: 3
spmadden wrote:
I'm having similar problems. What version of the opensc plugin did you have to roll back to get gpshell working?


Sorry, it was the PC/SC connection plugin. My mistake. OpenSC is not involved here.

I used revision 351 from SVN ( http://sourceforge.net/p/globalplatform/code/351/ ). I believe this is the only version that will work with the applet posted in the other Yubico linked thread, as it is looking for version 1.0.0 of the library.

I use Linux. Building opensc itself was not an issue, but everything involved feels pretty crusty. I ended up using libglobalplatform.so.6+7.0.0 and gpshell 6.0.0, with the above-mentioned gppcscconnectionplugin 1.0.0.

EDIT: As an addendum, I had to upgrade my PC/SC (to 1.8.8) to get the Yubikey recognized. Just because it's usable as a USB keyboard (or even as a GPG smartcard!) doesn't mean gpshell can connect to it. You have to be able to see the card when you run pcsc_scan for the gpshell upload to work. I tried using an old OmniKey CardMan reader I've got floating around (which I know has contactless smartcard capabilities), but it didn't seem to see the Neo.


Posted: Wed Jul 10, 2013 4:41 pm
Joined: Tue May 28, 2013 1:14 pm
Posts: 26
Borealid wrote:
I tried using an old OmniKey CardMan reader I've got floating around (which I know has contactless smartcard capabilities), but it didn't seem to see the Neo.


A note on the Cardman reader, since it also took me a while to get it running: for NFC it requires a binary driver blob to be downloaded from https://www.hidglobal.com/drivers. The driver library .so then needs to be placed in /usr/lib64/pcsc/drivers (or /usr/lib/ for x86); the driver zip contains a readme file.

With that driver blob the Neo is recognized fine, and any operation that works via USB CCID also works over NFC.


Posted: Tue Aug 06, 2013 8:12 pm
Joined: Mon Aug 13, 2012 9:58 pm
Posts: 23
nm, after I restarted the daemon it works fine. Seems I have to kill the daemon if I wanna eject my yubikey, or else it won't ask for a PIN when I insert the key.

