Yubico Forum

Hello,

I have a strange issue with 2 yubikey neo's with the yubioath desktop app in Linux:
1) I have a yubikey neo (serialno 1891578) which functions normally with the yubioath app.
I have loaded 2 GoogleMail 2FA TOTP cedentials which function normally in this app and also on my android phone with NFC (using the androi version).
2) however I have a newer yubikey neo (serialno 2276401) with the same 2 credentials which does function normally on my android phone with NFC but does NOT function with the linux desktop version.
In fact I execute the yubioath from the command line nothing is reported using the older neo (serial 1891578) but with using the new version (serial 2276401) the following error is reported on the CLI:

Could anyone indicate what could be the cause of this issue?

For the record I use the following software versions:
- yubikey neo developer version serial 1891578 & 2276401
- yubioath 2.0.2
- debian version 8
- using yubico ppa from Ubuntu Utopic:
deb http://ppa.launchpad.net/yubico/stable/ubuntu/ utopic main
deb-src http://ppa.launchpad.net/yubico/stable/ubuntu/ utopic main

To add some more info to this issue: the piv-tool appears to be able to talk to new yubikey despite the fact the yubioath is not.
All the app (CAP files) came pre-installed on this yubikey neo.

Any help pointing me in the right direction in solving this issue would be very much appreciated.

Looking at the traceback it looks like there is an issue with the smartcard reader name comparison, namely that it doesn't handle non-ascii characters. This is a bug in the application, which I will fix in the next version, but it's also strange as there usually aren't any non-ascii characters in the card reader name. If you start the application without any YubiKey attached, you most likely won't get the error. Doing so should allow you to open the settings dialog to check on the value of the "Card reader name". If it contains anything weird, change it to read "Yubikey" (with a capital "Y") then save the settings and restart the application and see if the problem goes away. Also, do you have any other smartcard readers connected to the computer?

Dain,

first of all thx for your quick response.
Now back on topic - for both yubikeys the name reported is: Yubikey Neo.
Nevertheless I attempted to change the name again to Yubikey Neo again which was accepted by the yubikey & unplugged/replugged it again.
Then attempted to execute the yubiauth app with the same results again for this key.
If I first start the yubiauth app and then insert the yubikey (the one with the weird behaviour that is) the app keep on functioning however the credentials never show up.

The cardreader field in the yubiauth app has value: Yubikey for both keys.

I have uploaded screenshots of the neomanager tool as well as the yubi auth tool.

FYI I have some additional info obtained with ykinfo:
- ¨good¨ behaving key:

- ¨bad¨ behaving key:


Anyway - thx for your time & effort in addressing this issue and hopefully you'll be able to fix and publis the yubiauth app as you indicated!

Kind regards, Erik...

Can you try running the following commands in a terminal and copy the output? I've highlighted the actual commands you need to type in red.



Please do it once with the functioning key inserted, and once with the non-functioning one.

Dain,

as requested:

- good behaving key 1891578


- bad behaving key 2276401


Thx & kind regards, Erik...

I spot a difference here:
- good key reply:
['Yubico Yubikey NEO OTP+CCID 00 00']

- bad key reply:
['Yubico Yubikey NEO OTP+CCID (Ð) 00 00']

Could this be the issue causing the key (and/or software) to malfunction?
Is there a method to update the key so as to remove these extraneous characters?

Thx & kind regards, Erik...

Attemoted to rename the NEO (from YubiKey NEO to NEO) however the python output remains the same - it appears this output is not affcted by the name change.
I have included a screenshot with the output from python and also (started after the python script) from neomanager which clearly shows that the name is changed but the python output is not.

Changed it back to YubiKey NEO without seemingly ill effects however issue remains the same.
Apparently this faulty string is not (directly) related to the string which can be chnaged in the neomanager utility.

Dain,

I wonder whether deleting and re-installing the oath applet might resolve this issue?
This yubikey is still one of those in which the apps are not locked - i.e. can load & delete apps on it.
Please advise...

KR, Erik...

Hi! Thanks for providing the detailed output! I've now located the source of the issue. The problem is in the yubioath-desktop application, with it not being able to handle certain YubiKey NEO versions (you happen to have one of those). There is nothing wrong with the device itself, it's just a bug in the software related to non-ascii characters. I will release a new version of yubioath-desktop which should resolve this issue. If not today, then early next week!

EDIT: It's out, version 2.1.0.