Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:14 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 10 posts ] 
Author Message
PostPosted: Tue Oct 17, 2017 4:52 pm 
Offline

Joined: Tue Oct 17, 2017 4:43 pm
Posts: 5
Hi there,

I have a YubiKey 4 that works perfectly on my desktop (running the latest Windows 10 insider build) out of the box with GPG4Win. I managed to generate gpg keys on the device and sign Git commits all in PowerShell.

However, on my Surface Book I cannot get gpg to pick up the device. I have tried installing the YubiKey PIV driver, uninstalling it, removing drivers, etc., and I always get this:
Code:
PS C:\Users\Christopher> gpg --card-status --verbose
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device


Code:
PS C:\Users\Christopher> gpg --card-edit --verbose

gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device

gpg/card>


Code:
PS C:\Users\Christopher> gpg-connect-agent.exe --hex "scd apdu 00 f1 00 00" /bye
ERR 100663406 Card removed <SCD>


Code:
PS C:\Users\Christopher> certutil -scinfo
The Microsoft Smart Card Resource Manager is running.
Current reader/card status:
Readers: 2
  0: Windows Hello for Business 13
  1: Yubico Yubikey 4 OTP+U2F+CCID 0
--- Reader: Windows Hello for Business 13
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Status: The card is available for use.
---   Card: Identity Device (Microsoft Generic Profile)
---    ATR:
        3b 8d 01 80 fb a0 00 00  03 97 42 54 46 59 04 01   ;.........BTFY..
        cf                                                 .

--- Reader: Yubico Yubikey 4 OTP+U2F+CCID 0
--- Status: SCARD_STATE_PRESENT | SCARD_STATE_UNPOWERED
--- Status: The card is available for use.
---   Card: Yubikey 4 Smart Card
---    ATR:
        3b f8 13 00 00 81 31 fe  15 59 75 62 69 6b 65 79   ;.....1..Yubikey
        34 d4

After this, I am asked for my login PIN a couple of times and the Windows Hello (device #0) certificates are shown. Once it processes device #1 (the YubiKey) the following data is outputted.
Code:
Displayed  cert for reader: Windows Hello for Business 13

--------------===========================--------------

=======================================================
Analyzing card in reader: Yubico Yubikey 4 OTP+U2F+CCID 0
Microsoft Base Smart Card Crypto Provider: Missing stored keyset
Microsoft Smart Card Key Storage Provider: Missing stored keyset

--------------===========================--------------
CertUtil: -SCInfo command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
CertUtil: Keyset does not exist


Any idea what is causing this? I've been battling with it for hours. The only idea I can think of is that gpg is defaulting to the Windows Hello quasi-smart card and therefore ignoring the YubiKey but I'm not sure of a way of testing this as I am new to smart cards. To reiterate, the same version of gpg4win worked fine on a desktop out of the box with the same version of Win10.

Many thanks!


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Oct 19, 2017 6:40 pm 
Offline

Joined: Thu Oct 19, 2017 6:31 pm
Posts: 3
I am having the same issue - Windows 10 / 1709 - Build 16299.19

According to Device Manager, the system sees the Smart Card device as a "YubiKey Smart Card" with a driver version of 9/22/2017 (v3.3.1.5) provider Yubico. Even rolling back the driver to be an "Identity Device (NIST SP 800-73 [PIV])" doesn't work.

certutil -scinfo fails and the device does not detect the authentication certificate stored on the PIV module.

Code:
Microsoft Base Smart Card Crypto Provider: Missing stored keyset
Microsoft Smart Card Key Storage Provider: Missing stored keyset

--------------===========================--------------
CertUtil: -SCInfo command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
CertUtil: Keyset does not exist


The PIV Manager tool *does* see the device (PIV Applet Version 4.3.5) and sees the loaded certificate in the authentication slot (9a).

Likewise, the PIV command line tool can read the certificate just fine.

I have also tested my built-in traditional smart card reader with a PIV smart card and it works just fine on this build of Windows.


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 19, 2017 6:46 pm 
Offline

Joined: Thu Oct 19, 2017 6:31 pm
Posts: 3
Update:

Found this post: viewtopic.php?f=26&t=2739&start=10

Uninstalling the "YubiKey Minidriver" from Programs and Features (Start > Run > appwiz.cpl) and changing the driver to the Identity Device NIST restored functionality.


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 19, 2017 9:16 pm 
Offline

Joined: Tue Oct 17, 2017 4:43 pm
Posts: 5
Thanks so much for your response @DanielJewell. Unfortunately removing the Yubico drivers still has not solved this issue, however :/

I'm getting different results, however. When I run certutil -scinfo the YubiKey is detected properly but when it tries to gather info I get an error that looks like this:
Attachment:
smartcarderror.PNG
smartcarderror.PNG [ 116.84 KiB | Viewed 1726 times ]


Any further ideas? I am also on Windows 10 build 16299.19. This is how my Device Manager looks:
Attachment:
devicemgr.PNG
devicemgr.PNG [ 75.51 KiB | Viewed 1726 times ]


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 20, 2017 12:41 pm 
Offline

Joined: Mon Oct 16, 2017 6:13 pm
Posts: 12
It is not just a driver. Most importantly is to uninstall Yubikey Smart Card Minidriver software from "Programs and Features"


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 20, 2017 12:51 pm 
Offline

Joined: Tue Oct 17, 2017 4:43 pm
Posts: 5
Sas wrote:
It is not just a driver. Most importantly is to uninstall Yubikey Smart Card Minidriver software from "Programs and Features"

Thanks for your reply!

I removed the driver too. The only Yubico software I have installed is shown here:
Attachment:
add remove programs.PNG
add remove programs.PNG [ 58.35 KiB | Viewed 1703 times ]

I also deleted the C:\ProgramData\Yubico\ykey folder entirely.

All OEM Drivers installed have been exported by Driver Store Explorer below. The only one that could be questionable is the Cisco VPN driver (some posts indicated that sometimes VPN applications cause issues by hijacking the smart card), but I have this exact VPN program on my desktop which works flawlessly.

Code:
OEM INF   INF   Package Provider   Driver Class   Driver Date   Driver Version   Driver Signer   Driver Size
oem91.inf   commonsystem.inf   INTEL   System devices   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   52152
oem50.inf   csi2hostcontrollerdriver.inf   Intel Corporation   System devices   06/24/2016   30.10586.7109.2672   Microsoft Windows Hardware Compatibility Publisher   144106
oem79.inf   csi2hostcontrollerdriver.inf   Intel Corporation   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   142354
oem21.inf   heci.inf   Intel   System devices   12/24/2015   11.0.0.1176   Microsoft Windows Hardware Compatibility Publisher   2312029
oem8.inf   heci.inf   Intel   System devices   11/16/2016   11.6.0.1042   Microsoft Windows Hardware Compatibility Publisher   259724
oem29.inf   iactrllogic64.inf   Intel Corporation   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   206712
oem82.inf   iaisp64.inf   Intel   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   71509
oem47.inf   iaprecisetouch.inf   Intel Corporation   Human Interface Devices   01/26/2017   1.2.0.83   Microsoft Windows Hardware Compatibility Publisher   805067
oem80.inf   iaprecisetouch.inf   Intel Corporation   Human Interface Devices   09/09/2016   1.2.0.70   Microsoft Windows Hardware Compatibility Publisher   804727
oem7.inf   intcaudiobus.inf   Intel(R) Corporation   System devices   01/20/2017   9.21.0.2102   Microsoft Windows Hardware Compatibility Publisher   343864
oem18.inf   intcoed.inf   Intel(R) Corporation   System devices   05/17/2016   8.20.0.931   Microsoft Windows Hardware Compatibility Publisher   30618224
oem24.inf   intcoed.inf   Intel(R) Corporation   System devices   01/20/2017   9.21.0.2102   Microsoft Windows Hardware Compatibility Publisher   39565712
oem75.inf   ov5693.inf   Intel Corporation   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   5837231
oem3.inf   ov7251.inf   Intel Corporation   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   764579
oem6.inf   ov8865.inf   Intel Corporation   System devices   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   4561752
oem38.inf   samsung_usb_driver.inf   libusb.org   Universal Serial Bus devices   07/14/2009   6.1.7600.16385   Unknown   2742126
oem87.inf   skylakesystem.inf   INTEL   System devices   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   57548
oem31.inf   skylakesystem.inf   INTEL   System devices   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   58790
oem103.inf   ssudbus.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   155738
oem109.inf   ssudcdf.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   73087
oem112.inf   ssuddmgr.inf   SAMSUNG Electronics Co., Ltd.   Ports (COM & LPT)   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   247358
oem105.inf   ssudmarv.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   2238929
oem106.inf   ssudobex.inf   SAMSUNG Electronics Co., Ltd.   Ports (COM & LPT)   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   247356
oem104.inf   ssudrmnet.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   1603432
oem108.inf   ssudsdb.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   2238473
oem97.inf   ssudserd.inf   SAMSUNG Electronics Co., Ltd.   Ports (COM & LPT)   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   247751
oem98.inf   ss_conn_usb_driver.inf   SAMSUNG Electronics Co., Ltd.   Universal Serial Bus controllers   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   65726
oem49.inf   sunrisepoint-lpsdhost.inf   INTEL   SD host adapters   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   50796
oem76.inf   sunrisepoint-lpsystem.inf   INTEL   System devices   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   134456
oem62.inf   sunrisepoint-lpsystem.inf   INTEL   System devices   07/14/2015   10.1.1.9   Microsoft Windows Hardware Compatibility Publisher   133734
oem20.inf   surfaceaccessoryfwupdate.inf   Surface   System devices   03/04/2017   1.2.108.0   Microsoft Windows Hardware Compatibility Publisher   18620
oem14.inf   surfaceacpibattery.inf   Microsoft   Batteries   11/13/2015   1.2.0.2   Microsoft Windows Hardware Compatibility Publisher   19051
oem35.inf   surfacebasefwupdate.inf   Microsoft   System devices   10/03/2016   2.0.97.0   Microsoft Windows Hardware Compatibility Publisher   492809
oem66.inf   surfacebaseintegration.inf   Microsoft   Human Interface Devices   08/18/2015   1.1.359.0   Microsoft Windows Hardware Compatibility Publisher   80398
oem96.inf   surfacebutton.inf   Microsoft   System devices   06/09/2016   1.1.662.0   Microsoft Windows Hardware Compatibility Publisher   139564
oem45.inf   surfacecamerawindowshello.inf   Surface   System devices   08/01/2017   1.0.85.1   Microsoft Windows Hardware Compatibility Publisher   17694
oem15.inf   surfacedigitizerintegration.inf   Microsoft   Human Interface Devices   08/18/2015   1.1.359.0   Microsoft Windows Hardware Compatibility Publisher   81108
oem37.inf   surfacedisplaycalibration.inf   Microsoft   System devices   11/18/2015   1.1.381.0   Microsoft Windows Hardware Compatibility Publisher   71016
oem39.inf   surfacedockfwupdate.inf   Microsoft   System devices   03/22/2016   1.2.6.0   Microsoft Windows Hardware Compatibility Publisher   700629
oem63.inf   surfacedockintegration.inf   Microsoft   Human Interface Devices   03/14/2016   1.0.6.0   Microsoft Windows Hardware Compatibility Publisher   62018
oem43.inf   surfacedtxdriver.inf   Surface   System devices   04/27/2017   1.3.792.1   Microsoft Windows Hardware Compatibility Publisher   3185978
oem13.inf   surfaceec.inf   Microsoft   Firmware   07/29/2016   90.1277.256.0   Microsoft Windows Hardware Compatibility Publisher   180569
oem86.inf   surfaceintegrationdriver.inf   Surface   System devices   05/15/2017   1.1.333.0   Microsoft Windows Hardware Compatibility Publisher   132737
oem56.inf   surfacekeyboardbacklight.inf   Microsoft   System devices   09/14/2015   1.1.373.0   Microsoft Windows Hardware Compatibility Publisher   188405
oem32.inf   surfaceme.inf   Microsoft   Firmware   05/01/2015   1.0.0.0   Microsoft Windows Hardware Compatibility Publisher   16622
oem61.inf   surfaceme.inf   Surface   Firmware   04/05/2017   11.6.25.1229   Microsoft Windows Hardware Compatibility Publisher   2052173
oem26.inf   surfaceme.inf   Microsoft   Firmware   07/26/2016   11.0.15.1003   Microsoft Windows Hardware Compatibility Publisher   2052382
oem71.inf   surfacenvmexpresscontroller.inf   Microsoft   Storage controllers   12/05/2016   11.0.0.1   Microsoft Windows Hardware Compatibility Publisher   18754
oem88.inf   surfacepen.inf   Microsoft   Human Interface Devices   07/27/2015   1.1.352.0   Microsoft Windows Hardware Compatibility Publisher   18721
oem84.inf   surfacepenclickfilter.inf   Microsoft   Keyboards   08/18/2015   1.1.350.1   Microsoft Windows Hardware Compatibility Publisher   83195
oem2.inf   surfacependriver.inf   Microsoft   Human Interface Devices   05/23/2016   12.0.303.1   Microsoft Windows Hardware Compatibility Publisher   1933496
oem90.inf   surfacepenintegration.inf   Microsoft   Human Interface Devices   08/18/2015   1.1.359.0   Microsoft Windows Hardware Compatibility Publisher   82262
oem68.inf   surfacepenpairing.inf   Surface   System devices   03/10/2017   3.0.0.1   Microsoft Windows Hardware Compatibility Publisher   234141
oem19.inf   surfacepowermeter.inf   Microsoft   System devices   02/19/2015   1.1.65.1   Microsoft Windows Hardware Compatibility Publisher   17593
oem0.inf   surfacesam.inf   Surface   Firmware   02/16/2017   90.1610.256.0   Microsoft Windows Hardware Compatibility Publisher   195635
oem27.inf   surfaceservicenulldriver.inf   Microsoft   System devices   10/11/2016   1.0.241.0   Microsoft Windows Hardware Compatibility Publisher   789939
oem11.inf   surfacesoftwareservicingdriver.inf   Microsoft   Human Interface Devices   07/12/2015   3.0.10.0   Microsoft Windows Hardware Compatibility Publisher   55907
oem36.inf   surfacestoragefwupdate.inf   Microsoft   System devices   10/16/2015   1.1.447.0   Microsoft Windows Hardware Compatibility Publisher   2834034
oem74.inf   surfacesystemtelemetrydriver.inf   Microsoft   System devices   08/20/2015   3.0.100.0   Microsoft Windows Hardware Compatibility Publisher   83488
oem52.inf   surfacetouch.inf   Microsoft   Firmware   06/20/2016   51.250.94.229   Microsoft Windows Hardware Compatibility Publisher   328390
oem12.inf   surfacetouchservicingml.inf   Microsoft   System devices   05/11/2016   1.0.207.0   Microsoft Windows Hardware Compatibility Publisher   2935163
oem10.inf   surfaceuefi.inf   Surface   Firmware   06/13/2017   91.1741.768.0   Microsoft Windows Hardware Compatibility Publisher   3951435
oem64.inf   surfaceusbhubfwupdate.inf   Microsoft   System devices   12/02/2016   1.0.519.0   Microsoft Windows Hardware Compatibility Publisher   1057237
oem92.inf   adobepdf.inf   Adobe   Printers   01/20/2017   12.1.0.0   Microsoft Windows Hardware Compatibility Publisher   1722843
oem100.inf   android_winusb.inf   ASUSTeK COMPUTER INC.   Kedacom USB Device   03/25/2014   8.0.0.2   Microsoft Windows Hardware Compatibility Publisher   2815834
oem42.inf   android_winusb.inf   Google, Inc.   Kedacom USB Device   08/28/2016   11.0.0.0   Microsoft Windows Hardware Compatibility Publisher   2897575
oem58.inf   android_winusb.inf   Google, Inc.   Kedacom USB Device   08/28/2014   11.0.0.0   Google Inc   2754724
oem83.inf   atgh4627.inf   Intel Corporation   Display adapters   03/09/2017   21.20.16.4627   Microsoft Windows Hardware Compatibility Publisher   684549744
oem9.inf   dlcdcncm.inf   DisplayLink Corp.   Network adapters   04/05/2017   8.2.1629.0   Microsoft Windows Hardware Compatibility Publisher   618852
oem85.inf   dlidusb.inf   DisplayLink   Display adapters   05/22/2017   8.2.1952.0   Microsoft Windows Hardware Compatibility Publisher   11227322
oem72.inf   dlusbaudio.inf   DisplayLink Corp.   Sound, video and game controllers   04/07/2017   8.2.1638.0   Microsoft Windows Hardware Compatibility Publisher   761523
oem25.inf   hdxsstm.inf   Realtek Semiconductor Corp.   Sound, video and game controllers   08/05/2016   6.0.1.7895   Microsoft Windows Hardware Compatibility Publisher   21504430
oem81.inf   iacamera64.inf   Intel   Sound, video and game controllers   05/24/2017   30.15063.10999.4731   Microsoft Windows Hardware Compatibility Publisher   38818956
oem89.inf   intcdaud.inf   Intel(R) Corporation   Sound, video and game controllers   05/10/2016   6.16.0.3197   Microsoft Windows Hardware Compatibility Publisher   2601197
oem53.inf   intcdaud.inf   Intel(R) Corporation   Sound, video and game controllers   12/01/2016   10.22.1.97   Microsoft Windows Hardware Compatibility Publisher   7965766
oem95.inf   mbtr8897w81x64.inf   Marvell Semiconductor, Inc.   Bluetooth   02/09/2017   15.68.9114.29   Microsoft Windows Hardware Compatibility Publisher   22107
oem4.inf   mrvlpcie8897.inf   Marvell Semiconductor, Inc.   Network adapters   02/09/2017   15.68.9114.29   Microsoft Windows Hardware Compatibility Publisher   1126655
oem78.inf   msux64w10.inf   Microsoft   Network adapters   01/24/2017   10.4.124.2017   Microsoft Windows Hardware Compatibility Publisher   485395
oem28.inf   nvmso.inf   NVIDIA   Display adapters   04/23/2017   22.21.13.8194   Microsoft Windows Hardware Compatibility Publisher   519875881
oem116.inf   prnms001.inf   Microsoft   Printers   06/21/2006   10.0.16299.15   Microsoft Windows   88504
oem30.inf   prnms006.inf   Microsoft   Printers   04/29/2013   16.0.1626.4000   Microsoft Windows Hardware Compatibility Publisher   128775
oem115.inf   prnms009.inf   Microsoft   Printers   06/21/2006   10.0.16299.15   Microsoft Windows   41460
oem101.inf   ssudadb.inf   SAMSUNG Electronics Co., Ltd.   Kedacom USB Device   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   2240289
oem107.inf   ssudeadb.inf   SAMSUNG Electronics Co., Ltd.   ADB Interface   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   1574845
oem102.inf   ssudmdm.inf   SAMSUNG Electronics Co., Ltd.   Modems   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   384911
oem114.inf   ssudmtp.inf   SAMSUNG Electronics Co., Ltd.   Portable Devices   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   32664
oem110.inf   ssudnd5.inf   SAMSUNG Electronics Co., Ltd.   Network adapters   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   1594043
oem111.inf   ssudrmnetmp.inf   SAMSUNG Electronics Co., Ltd.   Network adapters   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   1635764
oem99.inf   ssudrnds.inf   SAMSUNG Electronics Co., Ltd.   Network adapters   01/02/2014   2.11.7.0   Microsoft Windows Hardware Compatibility Publisher   39193
oem46.inf   surfacedisplay.inf   Microsoft   Monitors   08/31/2015   1.1.207.0   Microsoft Windows Hardware Compatibility Publisher   20064
oem113.inf   u2312hm.inf   Dell Inc.   Monitors   06/11/2012   2.0.0.0   Microsoft Windows Hardware Compatibility Publisher   26799
oem94.inf   vpnva-6.inf   Cisco Systems   Network adapters   02/26/2014   3.1.6019.0   Microsoft Windows Hardware Compatibility Publisher   73991
oem54.inf   wdcsam.inf   Western Digital Technologies   WD Drive Management devices   10/09/2015   1.1.0.0   Microsoft Windows Hardware Compatibility Publisher   81464



As an update, I have been able to use my YubiKey with my other Windows 10 laptop out of the box just fine, too. All I needed was GPG4Win.

The only thing I can think of at the moment is a conflict with the Windows Hello for Business smart card driver for the face ID built into the machine. Has anybody with a Surface Book / Pro 4 been able to use GPG with YubiKey?


Top
 Profile  
Reply with quote  
PostPosted: Wed Nov 08, 2017 8:41 pm 
Offline

Joined: Thu Aug 04, 2016 10:50 pm
Posts: 6
Do you happen to have the Symantec PKI Client installed? I just narrowed mine down to that. Once I uninstalled it (luckily we are moving to a different solution for vpn certificates) and rebooted the Yubikey started working with GnuPG.

Current Setup:

Windows 10 - 1709 (Build 16299.19)
Cisco AnyConnect Client - 4.5.02033
Yubikey 4 - Firmware 4.2.8

I hope this info helps you further diagnose your machine.

-j


Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 09, 2017 12:58 am 
Offline

Joined: Tue Oct 17, 2017 4:43 pm
Posts: 5
jrotello wrote:
Do you happen to have the Symantec PKI Client installed? I just narrowed mine down to that. Once I uninstalled it (luckily we are moving to a different solution for vpn certificates) and rebooted the Yubikey started working with GnuPG.

Current Setup:

Windows 10 - 1709 (Build 16299.19)
Cisco AnyConnect Client - 4.5.02033
Yubikey 4 - Firmware 4.2.8

I hope this info helps you further diagnose your machine.

-j

Thanks for your response! I don't have this installed. I tried uninstalling the Cisco AnyConnect client too just in case (even though it doesn't conflict on my desktop) to no avail.

Interestingly, the machine has started installing the YubiKey Smart Card Minidriver automatically:
Code:
Driver Management has concluded the process to add Service UmPass for Device Instance ID SCFILTER\CID_597562696B657934\9&32612CC5&3&YUBICO_YUBIKEY_4_OTP+U2F+CCID_0_SCFILTER_CID_597562696B657934 with the following status: 0.


Even uninstalling this in appwiz.cpl causes it to be reinstalled on replug of the YubiKey.

I tried manually switching to the PIV driver but still no luck with that :(

Yubico support recommended just reinstalling Windows because apparently that fixed an issue on the Surface Pro, but surely there's another way?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 04, 2018 3:18 pm 
Offline
User avatar

Joined: Thu Jan 04, 2018 3:11 pm
Posts: 1
Sas wrote:
It is not just a driver. Most importantly is to uninstall Yubikey Smart Card Minidriver software from "Programs and Features"

I've identified this Minidriver as a cause that makes Windows not see X.509 certificates on the card. Unfortunately this Minidriver software is installed automatically with Yubico Smartcard Driver. The driver itself is harmless it can be left as is but the "Yubikey Smart Card Minidriver" in "Programs and Features" needs to be uninstalled before Windows can interact with certs there.

After importing new certs remember to use
Code:
yubico-piv-tool -k -a set-chuid
and re-insert the key (it makes Windows think it's a new card and bypass cache).

I wonder if someone from Yubico can comment on what the "Minidriver" does actually? I thought it's responsive for adding support for EC-based certs (that are not visible by default in Windows) but on my machine it just completely doesn't work.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 04, 2018 3:38 pm 
Offline

Joined: Tue Oct 17, 2017 4:43 pm
Posts: 5
wiktor wrote:
Sas wrote:
It is not just a driver. Most importantly is to uninstall Yubikey Smart Card Minidriver software from "Programs and Features"

I've identified this Minidriver as a cause that makes Windows not see X.509 certificates on the card. Unfortunately this Minidriver software is installed automatically with Yubico Smartcard Driver. The driver itself is harmless it can be left as is but the "Yubikey Smart Card Minidriver" in "Programs and Features" needs to be uninstalled before Windows can interact with certs there.

After importing new certs remember to use
Code:
yubico-piv-tool -k -a set-chuid
and re-insert the key (it makes Windows think it's a new card and bypass cache).

I wonder if someone from Yubico can comment on what the "Minidriver" does actually? I thought it's responsive for adding support for EC-based certs (that are not visible by default in Windows) but on my machine it just completely doesn't work.

Hey, thanks for your reply. I've done this (in fact, I totally reset PIV first so let's hope I still have my GPG keys!). The key is now coming up in Device Manager as an "Identity Device (NIST SP-800-73 [PIV])" but GPG still can't talk to it from my Surface Book :(

I don't have the time at the moment to reinstall Windows as recommended by Yubico support.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group