Yubico Forum
https://forum.yubico.com/

[SOLVED] unknown status error when using subkeys on neo
https://forum.yubico.com/viewtopic.php?f=26&t=2599

Author:  jlr [ Tue Mar 14, 2017 5:40 am ]
Post subject:  [SOLVED] unknown status error when using subkeys on neo

I followed Josefsson's instructions for setting up a Neo with PGP subkeys on Debian.

Everything seemed to work perfectly. But I cannot seem to sign or encrypt on Windows (USB) or Debian (USB) or Android (USB|NFC). Debian seems to be the most descriptive of all:

Code:
$ gpg --clearsign demo.txt
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: apdu_send_simple(0) failed: unknown status error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$


Code:
$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
(. . .)


If I enter the wrong PIN, it throws a different error and decrements the respective counter:

Code:
$ gpg --clearsign demo.txt
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
gpg: signatures created so far: 0

Please enter the PIN
[sigs done: 0]
gpg: verify CHV1 failed: general error
gpg: signing failed: general error
gpg: demo.txt: clearsign failed: general error
$ gpg --card-status
gpg: detected reader `Yubico Yubikey NEO OTP+U2F+CCID 00 00'
(. . .)
Max. PIN lengths .: 127 127 127
PIN retry counter : 2 3 3
Signature counter : 0
(. . .)


So I know the problem is not that I am entering the wrong PIN.

Are there complexity requirements on the PIN that may not be met? My user PIN is 6 digits, admin PIN is 8 digits.

Please help! Many thanks.

Author:  jlr [ Wed Mar 15, 2017 8:56 pm ]
Post subject:  Re: [QUESTION] unknown status error when using subkeys on ne

Windows logs this for scdaemon:

Code:
2017-03-15 12:55:51 scdaemon[6132] detected reader `Yubico Yubikey NEO OTP+U2F+CCID 0'
2017-03-15 12:55:51 scdaemon[6132] pcsc_control failed: invalid PC/SC error code (0x1)
2017-03-15 12:55:51 scdaemon[6132] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2017-03-15 12:55:52 scdaemon[6132] updating slot 0 status: 0x0000->0x0007 (0->1)
2017-03-15 12:55:52 scdaemon[6132] triggering event e4 (000000E4) for client -1
2017-03-15 12:55:52 scdaemon[6132] signatures created so far: 0
2017-03-15 12:55:52 scdaemon[6132] DBG: asking for PIN '||Please enter the PIN%0A[sigs done: 0]'
2017-03-15 12:55:59 scdaemon[6132] apdu_send_simple(0) failed: unknown status error
2017-03-15 12:55:59 scdaemon[6132] app_sign failed: Card error


Then some of the information is missing, including counters:

Code:
gpg/card> quit
PS > gpg --card-status
Application ID ...: (. . .)
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: (. . .)
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: (. . .)
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: (. . .)
      created ....: 2017-03-11 15:44:33
Encryption key....: (. . .)
      created ....: 2017-03-11 16:09:22
Authentication key: (. . .)
      created ....: 2017-03-11 16:09:58
General key info..: sub  2048R/(. . .) 2017-03-11 (. . .)
sec#  4096R/(. . .)   created: 2017-03-11  expires: never
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
ssb>  2048R/(. . .)  created: 2017-03-11  expires: 2018-03-11
                      card-no: (. . .)
PS >


So strange.
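
Added example (not part of the original posts): a small triage of `gpg --card-status` text that tells apart the states seen in this thread, namely a normal read, a retry counter that dropped after a failed attempt, and the all-zero PIN fields shown above. Function names are hypothetical, the sample dumps are constructed from the counter values quoted in the thread, and treating a zero maximum PIN length as "not read" is an assumption.

```shell
#!/bin/sh
# Added example: triage `gpg --card-status` text. Function names are hypothetical.

# Print the value of the first status line whose label starts with $1 (stdin).
card_field() {
  awk -F': *' -v label="$1" \
    'index($1, label) == 1 { gsub(/\r/, "", $2); print $2; exit }'
}

# Classify a status dump ($1): unreadable | user-blocked | admin-blocked | ok
card_pin_state() (
  lengths=$(printf '%s\n' "$1" | card_field 'Max. PIN lengths')
  retries=$(printf '%s\n' "$1" | card_field 'PIN retry counter')
  set -- $lengths $retries  # $1-$3: max lengths, $4-$6: user/reset/admin retries
  # Assumption: a zero maximum PIN length means the PIN data was not read at all.
  if [ "$#" -ne 6 ] || [ "$1" -eq 0 ] || [ "$3" -eq 0 ]; then echo unreadable
  elif [ "$4" -eq 0 ]; then echo user-blocked
  elif [ "$6" -eq 0 ]; then echo admin-blocked
  else echo ok
  fi
)

# Print the user-PIN retry count (first of the three counters) of dump $1.
user_retries() {
  printf '%s\n' "$1" | card_field 'PIN retry counter' | awk '{ print $1 }'
}

# Compare dumps taken before ($1) and after ($2) a failed signing attempt.
sign_failure_cause() (
  before=$(user_retries "$1"); after=$(user_retries "$2")
  if [ -z "$before" ] || [ -z "$after" ]; then echo unknown
  elif [ "$after" -lt "$before" ]; then echo wrong-pin
  else echo not-the-pin
  fi
)

# Constructed samples, using the counter values quoted in the thread.
HEALTHY='Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3'
AFTER_WRONG_PIN='Max. PIN lengths .: 127 127 127
PIN retry counter : 2 3 3'
ZEROED='Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0'

echo "healthy:  $(card_pin_state "$HEALTHY")"
echo "zeroed:   $(card_pin_state "$ZEROED")"
echo "3->2:     $(sign_failure_cause "$HEALTHY" "$AFTER_WRONG_PIN")"
echo "3->3:     $(sign_failure_cause "$HEALTHY" "$HEALTHY")"
```

On a live system the dumps would come from `gpg --card-status` captured before and after the failing command.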

Author:  jlr [ Fri Mar 17, 2017 10:49 pm ]
Post subject:  Re: [QUESTION] unknown status error when using subkeys on ne

OK, I figured out that I can encrypt and decrypt. But I can't sign. Signing throws the error. And once signing throws the error, I can't encrypt again until I pull the card, kill gpg2-agent, and reinsert the card.

Anyone know why this may be happening?

Author:  jlr [ Thu Mar 23, 2017 2:14 am ]
Post subject:  Re: [QUESTION] unknown status error when using subkeys on ne

One more note: specifying the specific subkey for signing does not solve the problem:

Code:
PS > gpg --armor -su signingSubKeyID .\demo.txt
File `.\\demo.txt.asc' exists. Overwrite? (y/N) y
gpg: signing failed: Card error
gpg: signing failed: Card error


I contacted Yubico support today. Hopefully they'll be able to help. I hope I just overlooked something silly!

The encryption works all fine and dandy, which is cool. So I'm close to having this all working...

I'll leave you all alone until I can mark this topic as solved. Thanks for looking, and sorry for the updates.

Author:  jlr [ Mon Mar 27, 2017 7:51 am ]
Post subject:  Re: [SOLVED] unknown status error when using subkeys on neo

I got it to work, with the help of Yubico's Matthew.

I booted a Kubuntu live OS, and installed the packages as listed by Simon (backports unnecessary).

I restored the secrets from my backup. I then moved the subkeys to the Neo, overwriting the old subkeys on the Neo.

That resolved all the issues.

Code:
kubuntu@kubuntu:~$ echo "secret demo message." | gpg -aser my@email.addr
-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
kubuntu@kubuntu:~$


:D

All times are UTC + 1 hour