Yubico Forum https://forum.yubico.com/ |
[Resolved] Yubikey Neo and PGP Applet issue. https://forum.yubico.com/viewtopic.php?f=26&t=1145 |
Page 1 of 1 |
Author: | westonmyers [ Sat Aug 24, 2013 9:25 am ] |
Post subject: | [Resolved] Yubikey Neo and PGP Applet issue. |
Hello,

I created a pgp keypair with my Yubikey as outlined. It seemed to work as far as I knew. Today came the time to actually test it. That said, it's not behaving at all. It seems that the PIN is not being accepted properly.

Below is the excerpt of my terminal while working on this. (Encryption and Auth keys edited out as I felt this was unnecessary.)

Notable things: PIN retry counter at 0. I unblock it successfully and use a simple password (123456) for this example. (While not shown here, I can do a "verify" command here and the PIN retry counter will tick down to 2.) I exit out though to do what I was hoping. I have a file that a friend encrypted. It's not taking the password.

Fun times.

Thanks for your time,
Weston

Arch Linux (Fully updated.)
gpg (GnuPG) 2.0.21
libgcrypt 1.5.3

    ➜ Downloads gpg --card-edit
    gpg: enabled debug flags: memstat
    Application ID ...: D2760001240102000000000000010000
    Version ..........: 2.0
    Manufacturer .....: test card
    Serial number ....: 00000001
    Name of cardholder: Weston Myers
    Language prefs ...: en
    Sex ..............: male
    URL of public key : http://sec.westonmyers.com/pgppubstore/weston+pgp@ieee.org
    Login data .......: westonmyers
    Signature PIN ....: not forced
    Key attributes ...: 2048R 2048R 2048R
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 0 3 3
    Signature counter : 14
    Signature key ....: A679 6687 3661 82F4 2A9B BE0E FAA5 D450 6A4B B09A
          created ....: 2013-08-16 08:01:24
    Encryption key....: [REDACTED]
          created ....: 2013-08-16 08:01:24
    Authentication key: [REDACTED]
          created ....: 2013-08-16 08:01:24
    General key info..: pub 2048R/6A4BB09A 2013-08-16 Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) <weston+pgp@ieee.org>
    sec> 2048R/6A4BB09A created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001
    ssb> 2048R/493D77FB created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001
    ssb> 2048R/A42FF1AE created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001

    gpg/card> unblock
    gpg: OpenPGP card no. D2760001240102000000000000010000 detected
    PIN changed.

    gpg/card> list
    Application ID ...: D2760001240102000000000000010000
    Version ..........: 2.0
    Manufacturer .....: test card
    Serial number ....: 00000001
    Name of cardholder: Weston Myers
    Language prefs ...: en
    Sex ..............: male
    URL of public key : http://sec.westonmyers.com/pgppubstore/weston+pgp@ieee.org
    Login data .......: westonmyers
    Signature PIN ....: not forced
    Key attributes ...: 2048R 2048R 2048R
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 3 3 3
    Signature counter : 14
    Signature key ....: A679 6687 3661 82F4 2A9B BE0E FAA5 D450 6A4B B09A
          created ....: 2013-08-16 08:01:24
    Encryption key....: [REDACTED]
          created ....: 2013-08-16 08:01:24
    Authentication key: [REDACTED]
          created ....: 2013-08-16 08:01:24
    General key info..: pub 2048R/6A4BB09A 2013-08-16 Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) <weston+pgp@ieee.org>
    sec> 2048R/6A4BB09A created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001
    ssb> 2048R/493D77FB created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001
    ssb> 2048R/A42FF1AE created: 2013-08-16 expires: 2014-08-16
         card-no: 0000 00000001

    gpg/card> quit
    random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
                  outmix=0 getlvl1=0/0 getlvl2=0/0
    secmem usage: 0/32768 bytes in 0 blocks

    ➜ Downloads gpg -v -o doc.txt --decrypt signed_6A4BB09A_encrypted.acs
    gpg: enabled debug flags: memstat
    Version: GnuPG v1.4.12 (Darwin)
    gpg: armor header:
    gpg: public key is A42FF1AE
    gpg: using subkey A42FF1AE instead of primary key 6A4BB09A
    gpg: using subkey A42FF1AE instead of primary key 6A4BB09A
    gpg: encrypted with 2048-bit RSA key, ID A42FF1AE, created 2013-08-16
          "Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) <weston+pgp@ieee.org>"
    gpg: public key decryption failed: Card error
    gpg: decryption failed: No secret key
    random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
                  outmix=0 getlvl1=0/0 getlvl2=0/0
    secmem usage: 0/32768 bytes in 0 blocks
Author: | westonmyers [ Mon Aug 26, 2013 12:51 pm ] |
Post subject: | Re: [Resolved] Yubikey Neo and PGP Applet issue. |
Hello, The issue was indeed with the Yubikey Neo OpenPGP applet on the device. This is resolved by updating the applet to the latest version. (Keys are lost at this time since import is not supported.) Thread at the GitHub account regarding this issue. Regards, Weston |
Author: | fbnaia [ Thu Jul 23, 2015 12:18 am ] |
Post subject: | Re: [Resolved] Yubikey Neo and PGP Applet issue. |
I am getting the same problem with firmware 3.3.0 and openpgp applet ver 1.0.8. I tried updating the openpgp applet but I don't know the card manager keys. I am aware of the security advisory YSA-2015-1, but it's my understanding that it should not affect encryption/decryption. Is there a way to update the applet or fix this issue?

[Fixed] I finally resolved the problems by unblocking the pin and changing the pin to something else. (Previously I was setting the same pin after unblocking but that did not work.) I was also getting errors with CHV2 on 'verify' command. I wasn't able to generate new keys and was also getting "Conditions of use not satisfied" on some commands and couldn't authenticate SSH sessions or sign other keys... Which led me to this tutorial http://25thandclement.com/~william/YubiKey_NEO.html that pointed out some similar issues fixed by unblocking the pin. |
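
The "PIN retry counter" line in the card listings of the first post can be checked mechanically before and after an unblock. The following is an added example, not part of any post in this thread; the function name pin_state and the sample text are constructed for illustration, and the three counters are read in the order OpenPGP cards report them (user PIN, Reset Code, Admin PIN).

```shell
#!/bin/sh
# Added example (not from the thread): classify the "PIN retry counter" line
# of `gpg --card-status` / `gpg --card-edit` output read from stdin.
# Counter order on OpenPGP cards: user PIN, Reset Code, Admin PIN.

pin_state() {
    awk -F: '
        /^[ \t]*PIN retry counter/ {
            seen = 1
            n = split($2, c, " ")              # $2 is e.g. " 0 3 3"
            if (n != 3) { print "malformed"; exit }
            name[1] = "user"; name[2] = "reset"; name[3] = "admin"
            out = ""
            for (i = 1; i <= 3; i++) {
                if (c[i] !~ /^[0-9]+$/) { print "malformed"; exit }
                # A counter of 0 means that PIN is blocked on the card.
                state = (c[i] == 0) ? "blocked" : (c[i] "-left")
                out = out (i > 1 ? " " : "") name[i] "=" state
            }
            print out
            exit
        }
        # No counter line at all: no card, wrong applet, or truncated output.
        END { if (!seen) print "unknown" }
    '
}

# Constructed sample input, modelled on the two listings in the first post.
before='Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 14'

after='Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 14'

printf '%s\n' "$before" | pin_state   # user=blocked reset=3-left admin=3-left
printf '%s\n' "$after"  | pin_state   # user=3-left reset=3-left admin=3-left
```

Against a real card the same function is fed with `gpg --card-status | pin_state`.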
All times are UTC + 1 hour |