Had a fun time troubleshooting some oddities with encrypting via NFC.
Phones tested: ASUS Zenfone 2 (primary phone), HTC One M7 (backup phone)
Backstory: Had a YubiKey NEO with the PGP vulnerability replaced. Set up the new YubiKey with the same PGP key (subkeys) before wiping the old key. Was just using them for SSH and git, which worked fine. Decided to try encrypting sensitive files using OpenKeychain with the new YubiKey.
1. No matter what I did, OpenKeychain always said that I didn't hold the YubiKey to the Zenfone 2 long enough. Instead of encrypting a file, I decided to just encrypt a string: "Hello". This resulted in the same issue.
2. Suspecting that it might be the phone, I took my HTC One M7 (which had been wiped) and set it up, installing OpenKeychain and importing my PGP key. Still the same error with the M7.
3. Tested encryption on the command-line with a hard connection. Wrote "Hello" to a file and encrypted / decrypted it using GPG and the Yubikey. This worked fine. What?!
4. After lots of attempts above, I decided to reinstate my PGP key onto the old (vulnerable) YubiKey and tested out encrypting the string via OpenKeychain and NFC. First try it worked!
5. I decided to try resetting my new YubiKey's PGP setup. I blasted the OpenPGP part of the new YubiKey using the Yubico PGP reset string and gpg-connect-agent. I then re-wrote my PGP subkeys again from my backup.
6. Tested out encrypting the string via OpenKeychain and NFC. It worked!
How could I encrypt on the command line but not over NFC, and then after rewriting the PGP configuration it works?