Yubico Forum
https://forum.yubico.com/

[QUESTION] Unable to import OpenPGP keys to NEO
https://forum.yubico.com/viewtopic.php?f=26&t=1485

Author:  DarkWinter [ Sun Oct 12, 2014 4:56 am ]
Post subject:  [QUESTION] Unable to import OpenPGP keys to NEO

I would like to place my new OpenPGP keys onto my NEO, but I am having difficulty. My NEO is a bit on the old side, purchased Spring 2013. It is firmware version 3.1.2 with OpenPGP applet version 1.0.5 installed. I am using Windows 8.1 (yes, I can hear you groan from here) and have done a lot of googling and reading. It is a bit challenging to translate Linux procedures into Windows procedures, but I've had good success up to this point. I am primarily using Simon Josefsson's blog post as well as the HOW-TO sticky in this forum as my primary references for transferring keys to the NEO.

I created an RSA-4096 "master" key (Sign, Certify only) with 3 RSA-2048 subkeys for sign, encrypt, and authenticate (which I don't really need). My current keyring only contains the subkeys, having removed the "master" secret subkey for safe-keeping. My NEO is set in HID+CCID with touch eject (-m82) mode. Obviously, I want to move the 3 subkeys onto my NEO.

When I execute the cardtokey command, I currently receive the following message:

Code:
gpg: error getting current key info: General error


However, when I first attempted the keytocard command several hours ago, I received a message to the effect of "This card is not capable of importing". I don't know why the messages changed and how to get back to receiving the first message. I would like to get back to that point, since it seems to me that the gpg2 application was at least attempting to communicate with the NEO. Right now, I am not so sure this is the case.

When I use the --card-status command, I receive the following:

Code:
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]


Where do I go from here on a Windows machine? Am I actually communicating with the NEO? Is it even possible to import keys to a version 3.1.2 NEO?

Author:  Tom [ Mon Oct 13, 2014 1:23 pm ]
Post subject:  Re: [QUESTION] Unable to import OpenPGP keys to NEO

Update the applet to version 1.0.6 using the Yubikey NEO manager latest version with the -developer option -d lowercase.

Then follow this tutorial
http://blog.josefsson.org/2014/06/23/of ... smartcard/

Author:  DarkWinter [ Mon Oct 13, 2014 5:04 pm ]
Post subject:  Re: [QUESTION] Unable to import OpenPGP keys to NEO

Tom,

Thanks for the reply. I am still a bit lost though. I downloaded the newest version of the NEO Manager GUI (0.2.2) from the Yubico developers page (I am not a developer, not even close). I also downloaded the CAP file of the most up-to-date version of the OpenPGP applet (1.0.8). However, now I am stuck. I don't know how to install the CAP file onto the NEO.

The previous version of the NEO manager included an "Install from CAP file" button, but version 0.2.2 does not have such a button. I looked at the GPShell stuff, but can't make it work and my anti-virus program doesn't like it which makes me a bit uncomfortable.

I don't know what you mean by
Quote:
Yubikey NEO manager latest version with the -developer option -d lowercase.

Author:  Tom [ Tue Oct 14, 2014 8:23 am ]
Post subject:  Re: [QUESTION] Unable to import OpenPGP keys to NEO

You need to run the Yubikey NEO manager from the console/Terminal with the -d option to enable developer mode and to be able to install applets.

For example:

prompt$ ./ykneomanager -d

or

c:\path\to\file\ykneomanager.exe -d

Author:  hazza [ Wed Oct 22, 2014 5:24 pm ]
Post subject:  Re: [QUESTION] Unable to import OpenPGP keys to NEO

Sometimes I have issues with my Yubikey OpenPGP not being recognised properly - the solution to this is to remove the Yubikey, kill the 'GnuPG private key daemon' and 'GnuPG smartcard daemon' processes in Task Manager, then reinsert my Yubikey. Works like a charm every time.

Author:  Tom [ Thu Oct 23, 2014 10:31 am ]
Post subject:  Re: [QUESTION] Unable to import OpenPGP keys to NEO

Yes, especially on Windows :)

All times are UTC + 1 hour