| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] Yubikey 4 OpenPGP Applet not working https://forum.yubico.com/viewtopic.php?f=26&t=2132 |
Page 1 of 1 |
| Author: | tequir00t [ Mon Dec 21, 2015 11:30 am ] |
| Post subject: | [QUESTION] Yubikey 4 OpenPGP Applet not working |
Hello! I've got some strange problems with my new shiny Yubikey 4. gpg doesn't detect it: Code: gpg --debug-level guru --card-status gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog gpg: DBG: [not enabled in the source] start gpg: DBG: chan_3 <- OK Pleased to meet you, process 19168 gpg: DBG: connection to agent established gpg: DBG: chan_3 -> RESET gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION ttyname=/dev/pts/9 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION ttytype=xterm-256color gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION display=:0 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION xauthority=/home/daniel/.Xauthority gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION lc-ctype=en_US.utf8 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION lc-messages=en_US.utf8 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION allow-pinentry-notify gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION agent-awareness=2.1.0 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> AGENT_ID gpg: DBG: chan_3 <- ERR 67109139 Unknown IPC command <GPG Agent> gpg: DBG: chan_3 -> SCD SERIALNO openpgp gpg: DBG: chan_3 <- ERR 100663356 Not supported <SCD> gpg: OpenPGP card not available: Not supported gpg: DBG: [not enabled in the source] stop gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: secmem usage: 0/32768 bytes in 0 blocks This looks like the OpenPGP applet was not installed. lsusb -v output: Code: Bus 001 Device 015: ID 1050:0405 Yubico.com Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 64 idVendor 0x1050 Yubico.com idProduct 0x0405 bcdDevice 4.1a iManufacturer 1 Yubico iProduct 2 Yubikey 4 OTP+CCID iSerial 0 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 118 bNumInterfaces 2 bConfigurationValue 1 iConfiguration 0 bmAttributes 0x80 (Bus Powered) MaxPower 30mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 3 Human Interface Device bInterfaceSubClass 1 Boot Interface Subclass bInterfaceProtocol 1 Keyboard iInterface 0 HID Device Descriptor: bLength 9 bDescriptorType 33 bcdHID 1.10 bCountryCode 0 Not supported bNumDescriptors 1 bDescriptorType 34 Report wDescriptorLength 71 Report Descriptors: ** UNAVAILABLE ** Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 10 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 11 Chip/SmartCard bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 ChipCard Interface Descriptor: bLength 54 bDescriptorType 33 bcdCCID 1.00 nMaxSlotIndex 0 bVoltageSupport 7 5.0V 3.0V 1.8V dwProtocols 2 T=1 dwDefaultClock 4000 dwMaxiumumClock 4000 bNumClockSupported 0 dwDataRate 307200 bps dwMaxDataRate 307200 bps bNumDataRatesSupp. 0 dwMaxIFSD 1190 dwSyncProtocols 00000000 dwMechanical 00000000 dwFeatures 000400FE Auto configuration based on ATR Auto activation on insert Auto voltage selection Auto clock change Auto baud rate change Auto parameter negotation made by CCID Short and extended APDU level exchange dwMaxCCIDMsgLen 1200 bClassGetResponse echo bClassEnvelope echo wlcdLayout none bPINSupport 0 bMaxCCIDBusySlots 1 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 32 can't get device qualifier: Resource temporarily unavailable can't get debug descriptor: Resource temporarily unavailable Device Status: 0x0000 (Bus Powered) So OTP and CCID is enabled, this shouldn't be the problem. When I try to install the OpenPGP applet according to this guide: http://forum.yubico.com/viewtopic.php?f=26&t=1344, I get the following error: Code: mode_211 enable_trace establish_context card_connect select -AID a000000003000000 Command --> 00A4040008A000000003000000 Wrapped command --> 00A4040008A000000003000000 Response <-- 6A82 select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.) Any help is appreciated. I'm happy to provide more information if required. |
|
| Author: | mouse008 [ Mon Jan 04, 2016 4:32 am ] |
| Post subject: | Re: [QUESTION] Yubikey 4 OpenPGP Applet not working |
I suspect that something else on your machine opens/connects-to the card first, and then gpg refuses to connect to it because it considers it "busy". Reason - GnuPG stupidly (and by design) enforces the requirement that only one application can access the card. |
|
| Author: | plad0n [ Sat Mar 05, 2016 11:49 pm ] |
| Post subject: | Re: [QUESTION] Yubikey 4 OpenPGP Applet not working |
I have the very same problem and i can tell that under windows as well as under linux (where i'm pretty sure nothing else accesses the card) the gpshell responses by the error described above. help would be appreciated. Edit: 2016-03.05 23:49 to be correct, under linux the error message is one else: Code: $ gpshell gpinstall.txt mode_211 enable_trace establish_context card_connect list_readers failed with error 0x8010002E (Cannot find a smart card reader.) 2016-03.05 00:29 Now i found out that for linux by executing the script https://raw.githubusercontent.com/Yubic ... -ccid-udev the error message has changed to the exact same message as under windows. Code: $ gpshell gpinstall.txt mode_211 enable_trace establish_context card_connect -readerNumber 1 select -AID a000000003000000 Command --> 00A4040008A000000003000000 Wrapped command --> 00A4040008A000000003000000 Response <-- 6A82 select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.) regards, plad0n |
|
| Author: | SirJ [ Fri Jun 03, 2016 9:28 pm ] |
| Post subject: | Re: [QUESTION] Yubikey 4 OpenPGP Applet not working |
What I've found on my Windows 10 PC is that Yubikey NEO Manager 1.4 shows an entry YubiKey NEO under Devices for every card reader I have in the system. When programming your NEO via GPShell the wrong reader gets selected and you get that error when reader can not respond to command select -AID a000000003000000 that calls Card Manage app. Probably because there is no app like that and you see it in the error. I've called certutil -scinfo command in Windows to get information about card readers available in the system. It turned out that my Virtual Smartcard was one of them. That was easy as it sits in appropriate branch of Device Manager - under Smart Card Readers. Disabled it. Hard to find was another reader. A software reader. You will see it as a GUID in the certutil output. In Device Manager you have to select View -> Show hidden devices to see Software Devices branch. Then find that GUID and disable it too. gpshell works fine after that. good luck |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|