Yubico Forum

Is there a way to use the OpenPGP applet and the OATH applet at the same time? Currently I have to unplug and replug in the Neo if I want to use the Authenticator desktop app after I use PGP to SSH to a server, etc.

Sorry if this has already been asked, I have read thru many topic and tried searching the forums and the documentation but have not been able to find an answer.

In case you are also using gpg, make sure to add "card-timeout 5" to ~/.gnupg/scdaemon.conf

I'm using the gpg-agent from MacGPG2 and don't have a scdaemon.conf file in my ~/.gnupg directory.

My issue is that after using the Yubico Authenticator app to get TOTP codes from the OATH applet, GPG no longer sees the YubiKey. I need to unplug and replug it back in for gpg --card-status to show the key.

The opposite is true as well. After I use GPG, whether to authenticate via SSH or to decrypt a document, the Yubico Authenticator app displays the error message "No Yubikey NEO found. Please plugin your Yubikey NEO in one of your USB port." when selecting "Show Code". I need to unplug and replug in the Yubikey before it can get the codes from it.

My question is if this is by design or if I there is something I can configure that will allow me to switch between GPG and OATH without having to unplug and replug in the Yubikey?

Thanks.

I'd like to resurrect this discussion.

-As poster "bah" has indicated, the scdaemon.conf setting doesn't appear to work in Mac OS X. Even if it did, I don't think that it would fix this issue.

-Adding a similar setting like using a smartcard autoeject timeout only resets the PGP session (requiring pin entry) but the PGP applet is still active (not the OTP applet as required by Yubiko Authenticator). I've used the following to set up my Yubikey:


-Going from OTP -> PGP is also an issue, and this wouldn't be fixed with a GPG setting (that I know of).

-I have a Yubikey Neo. Re-inserting the device is annoying but still doable. Coworkers with Yubikey Neo-N devices find this almost unbearable, and it creates a lot of excess wear-and-tear on the device.

Fixing this would go a long way to improving users that really want to utilize all of the great features of their Yubikeys!

The latest version of Yubico Authenticator has a setting called "kill scdaemon on show". When enabled, this will cause scdaemon to be killed anytime the Yubico Authenticator app is either launched or restored from the system tray. This solution is a bit of a hack, but in my experience it works quite reliably. In essence: anytime you start using gpg, scdaemon will be automatically started, anytime you need an OATH code, scdaemon will be killed.