Yubico Forum

Long story short:-



Slightly longer story:-
1. Generated key
2. Changed the admin/normal pin
3. Card went insane and started accusing me that my admin pin was incorrect, and that my normal pin was incorrect when attempting to regenerate keys (But only there, all other occurrences of normal pin worked fine) despite the fact that GPG accepted the pin (It accepted, went through the questions, then complained once it got to actually generating, an incorrect-incorrect pin would error out instantly).
4. I, purposefully, got my admin password incorrect to lock the device, assuming this would reset it
5. Locked.

Any assistance?

Bit more information:-
Neo firmware:- 3.3.0
Neo mode:- U2F+CCID
Neo U2F version:- "1.0.1 installed"
Neo OpenPGP version:- "Installed" (All other apps state their version, this one, however, does not)

Check ResetApplet.

Since I read somewhere this should only occur if you're in smart-card only mode when you push the button on the Yubikey (Even though I was in u2f+ccid mode), I switched to ccid then started messing with the button:-



Keeps telling me the card is removed, despite (obviously), there being no card to remove. Tapping the button does nothing.

EDIT:- Messing around a little more got me:-


EDIT:- I also am unable to reinstall the OpenGPG applet (I thought I read somewhere doing this would wipe all related data to it):-
>mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

From the gpshell command.

what is the serial number on your NEO?

Could you submit a support ticket on yubi.co/support

_________________
-Tom

Make a ticket including my serial number, but, for public reference (In case anyone else is having this issue, and I'm not too sure what the serial actually contains (I.E. if it's private or not)), it's >3,000,000, which I believe is the question you were actually asking.

No, we have a subset of serial with a bug in the openpgp applet, thus i need to know the exact serial number. It has nothing to do with transport key.

You can send that to me via PM if you wish i'll forward that to the support guys.

Tom

_________________
-Tom

The reason I didn't PM it to you was because I did include it in my support ticket, I have, however, just sent you a PM with it again. Thanks.

Thought I may add this update:- I updated my neo manager to 1.0.0 to test out the OTP+U2F+CCID functionality (Although, apparently my Distro's Chromium package is still on v38, so, I'll have to wait to test this as I don't feel like compiling Chromium myself), while messing around in the neo manager I did spot these errors floating around in the command line:-



As I normally run neomanager from dmenu (A little tool that launches applications, sort of like the 'run' dialog on Windows) I've never really seen the std{out,err} of neoman. The neoman interface works fine, even with these errors/exceptions, but, obviously something is going on behind the scenes that even your own software can't deal with, unfortunately, I don't know the APDU command list, so, I don't know what the actual commands it's issuing are, nor what the response is.

Sorry for bumping this, I just received my replacement Yubikey Neo in the mail today (Yay!), I have yet to plug it in yet as I'm a little bit scared of it dying on me again though.

Can I verify with you guys before I plug it in and start configuring it:-

1. I can change the smart-card pins with no limitations of how many times I change it (Within reason, I'm not going to change it thousands of times, maybe three or four times, just to verify it works).
2. I can change the smart-card pins to whatever I want with no limitations of characters (I'm allowed alpha? numerical? special? Unicode? Which characters are not allowed?)
3. I can lock the device by getting the pin (Both admin & normal) incorrect three times, and I can actually unlock it using the above 'reset applet' link, correct? It's not going to lock up on me once I get it wrong three times and be bricked again?
4. I can modify all the special values surrounding the smart-card (Name, public key URL, sex, etc...)

I'd rather verify this with you guys first and miss out of a day of use while waiting for you to respond than have it brick on me and have to go through this whole ordeal again. I hope you understand.

Thanks!

Yes, you can
yes it can be alphanumeric, not sure about unicode you have to check gpg manual
You can reset it only when user/admin pin are both block
yes

_________________
-Tom