Yubico Forum :: View topic - [HOW-TO] - Install Applet on the NEO

So. I'm fairly technically-capable. I've spent the last few hours trying to install all the software, and configure it as necessary, to install the applet on my NEO … but no luck.

Once I've got this all working, I may be arsed to submit a tutorial on how to get everything installed on OS X … it's kind of a cluster<beep>.

$ piv-tool -n
Using reader with a card: Yubikey NEO OTP+CCID 00 00
PIV-II card

$ ./yubico-piv-tool -s 9a -A ECCP256 -a generate --verbose=2
parsed key: 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08
using reader 'Yubikey NEO OTP+CCID 00 00' matching 'Yubikey'.
> 00 a4 04 00 05 a0 00 00 03 08
< 61 11 4f 06 00 00 10 00 01 00 79 07 4f 05 a0 00 00 03 08 90 00
> 00 87 03 9b 04 7c 02 80 00
< 7c 0a 80 08 1d 0f b6 3a e8 f2 51 44 90 00
> 00 87 03 9b 16 7c 14 80 08 c9 ea 45 5e 14 9d d5 ed 81 08 87 8c ca 0d 86 b3 df 16
< 7c 0a 82 08 fc 32 92 32 41 85 58 a1 90 00
Successful applet authentication.
Now processing for action 1.
Going to send 5 bytes in this go.
> 00 47 00 9a 05 ac 03 80 01 11
< 6a 80
Failed to generate new key.

$ opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Yubikey NEO OTP+CCID 00 00
$ openpgp-tool -r0
error: not an OpenPGP card

cat scdaemon.conf
pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC
card-timeout 5
disable-ccid

$ gpg --card-status
gpg: selecting openpgp failed: Card error

Hi, I have a NEO-n and did not work with the yubico authenticator.
I followed the instruction in the first post to install the yubioath applet but for some reason, it failed.

mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864
886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
40255650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
886FC6B03640B06092A864886FC6B040255650B06092B851086486
4020103660C060A2B060104012A026E01029000
Command --> 80500000086B65E9BCBFD664AC00
Wrapped command --> 80500000086B65E9BCBFD664AC00
Response <-- 0000413803782893057902020001FEF557D1E12AECFB480701E958259000
mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

but now yubico authenticator, slot 1, slot 2, u2f all seem to be working fine. Which is good except for the fact that my NEO-n's LED is now flickering.
about once every 2 seconds. Is there anyway to fix this? Have i broke my yubikey?

Attachment:

Capture.PNG

Author:	ELLIOTTCABLE [ Tue Mar 11, 2014 2:32 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
So. I'm fairly technically-capable. I've spent the last few hours trying to install all the software, and configure it as necessary, to install the applet on my NEO … but no luck. I've successfully installed GPShell and all its dependancies, but when I try to install the applet, I get the following: Code: > > gpshell ./gpinstall.local.txt mode_211 enable_trace establish_context card_connect Could not connect to reader number 0 As far as I can tell, the Yubikey isn't being registered “as a smartcard.” Not sure how to make it register as a smart-card, instead of as a keyboard. (Side-note: I've used ykpersonalize -m82 to set my card to act as both an HID and CCID device; but I'm not sure if that's relevant. Didn't seem to help.) Once I've got this all working, I may be arsed to submit a tutorial on how to get everything installed on OS X … it's kind of a cluster<beep>.

Author:	martinpaljak [ Tue Mar 11, 2014 12:04 pm ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
ELLIOTTCABLE wrote: So. I'm fairly technically-capable. I've spent the last few hours trying to install all the software, and configure it as necessary, to install the applet on my NEO … but no luck. Once I've got this all working, I may be arsed to submit a tutorial on how to get everything installed on OS X … it's kind of a cluster<beep>. As you mention OSX, are you sure that you have enabled the current stock driver for NEO? You might find it easier to use the pre-compiled driver for OSX instead: https://github.com/martinpaljak/osx-cci ... r/releases Regarding basic applet installation I'm confident that my gp tool provides way simpler usability compared to gpshell: https://github.com/martinpaljak/GlobalPlatform#usage

Author:	Tom [ Fri Apr 18, 2014 8:50 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
Everyone, Please move to the Yubikey NEO manager http://opensource.yubico.com/yubikey-neo-manager/ Its a GUI and it is user friendly for those who do not feel comfortable with command lines tools.

Author:	ctoph1977 [ Sat May 17, 2014 3:41 pm ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
regarding the PIV Applet: It says I have a PIV-II card Quote: $ piv-tool -n Using reader with a card: Yubikey NEO OTP+CCID 00 00 PIV-II card but: Quote: $ ./yubico-piv-tool -s 9a -A ECCP256 -a generate --verbose=2 parsed key: 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 01 02 03 04 05 06 07 08 using reader 'Yubikey NEO OTP+CCID 00 00' matching 'Yubikey'. > 00 a4 04 00 05 a0 00 00 03 08 < 61 11 4f 06 00 00 10 00 01 00 79 07 4f 05 a0 00 00 03 08 90 00 > 00 87 03 9b 04 7c 02 80 00 < 7c 0a 80 08 1d 0f b6 3a e8 f2 51 44 90 00 > 00 87 03 9b 16 7c 14 80 08 c9 ea 45 5e 14 9d d5 ed 81 08 87 8c ca 0d 86 b3 df 16 < 7c 0a 82 08 fc 32 92 32 41 85 58 a1 90 00 Successful applet authentication. Now processing for action 1. Going to send 5 bytes in this go. > 00 47 00 9a 05 ac 03 80 01 11 < 6a 80 Failed to generate new key.

Author:	ctoph1977 [ Sat May 17, 2014 8:35 pm ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
turned out that since I enabled the support for the PIV_II Applet in PCSC now gpg cannot directly access the openpg applet anymore so I tried telling scdaemon to use pcsc instead first I wanted to know wether I could see a openpgp smartcard with opensc but Quote: $ opensc-tool -l # Detected readers (pcsc) Nr. Card Features Name 0 Yes Yubikey NEO OTP+CCID 00 00 $ openpgp-tool -r0 error: not an OpenPGP card appearently it does not see a openpgp card. just to be sure I told scdaemon to use pcsc Quote: cat scdaemon.conf pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC card-timeout 5 disable-ccid unfortunately: Quote: $ gpg --card-status gpg: selecting openpgp failed: Card error

Yubico Forum https://forum.yubico.com/

[HOW-TO] - Install Applet on the NEO https://forum.yubico.com/viewtopic.php?f=26&t=1159	Page 5 of 6

Author:	darco [ Sat Nov 29, 2014 5:00 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
The problem is that scdaemon in gnupg2 is very "greedy" with respect to PCSC: it requires exclusive access. This means that the OpenSC tokend driver on OS X will prevent scdaemon from working properly. You can get it back working again by killing any other application which is using PCSC. Then your card should work fine with gnupg. I'm currently working on a fix for this in my own branch of gnupg, which you can find here: https://github.com/darconeous/gnupg/tre ... mon-behave

Author:	mnegishi12 [ Fri Jun 05, 2015 3:41 pm ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
Hi, I have a NEO-n and did not work with the yubico authenticator. I followed the instruction in the first post to install the yubioath applet but for some reason, it failed. mode_211 enable_trace establish_context card_connect select -AID a000000003000000 Command --> 00A4040008A000000003000000 Wrapped command --> 00A4040008A000000003000000 Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864 886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0 40255650B06092B8510864864020103660C060A2B060104012A026E01029000 open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864 886FC6B03640B06092A864886FC6B040255650B06092B851086486 4020103660C060A2B060104012A026E01029000 Command --> 80500000086B65E9BCBFD664AC00 Wrapped command --> 80500000086B65E9BCBFD664AC00 Response <-- 0000413803782893057902020001FEF557D1E12AECFB480701E958259000 mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.) but now yubico authenticator, slot 1, slot 2, u2f all seem to be working fine. Which is good except for the fact that my NEO-n's LED is now flickering. about once every 2 seconds. Is there anyway to fix this? Have i broke my yubikey?

Author:	aarcane [ Mon Jul 06, 2015 3:18 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
mnegishi12 wrote: Hi, I have a NEO-n and did not work with the yubico authenticator. I followed the instruction in the first post to install the yubioath applet but for some reason, it failed. mode_211 enable_trace establish_context card_connect select -AID a000000003000000 Command --> 00A4040008A000000003000000 Wrapped command --> 00A4040008A000000003000000 Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864 886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0 40255650B06092B8510864864020103660C060A2B060104012A026E01029000 open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864 886FC6B03640B06092A864886FC6B040255650B06092B851086486 4020103660C060A2B060104012A026E01029000 Command --> 80500000086B65E9BCBFD664AC00 Wrapped command --> 80500000086B65E9BCBFD664AC00 Response <-- 0000413803782893057902020001FEF557D1E12AECFB480701E958259000 mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.) but now yubico authenticator, slot 1, slot 2, u2f all seem to be working fine. Which is good except for the fact that my NEO-n's LED is now flickering. about once every 2 seconds. Is there anyway to fix this? Have i broke my yubikey? I get a very similar error on install. How do we fix this, what might be wrong?

Author:	Tom2 [ Mon Jul 06, 2015 9:41 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
Attachment: Capture.PNG [ 50.24 KiB \| Viewed 7267 times ]

Author:	aarcane [ Tue Jul 07, 2015 3:40 am ]
Post subject:	Re: [HOW-TO] - Install Applet on the NEO
Tom2 wrote: Attachment: Capture.PNG Thanks for the sarcastic response, Tom2. That doesn't exactly help us, it just indicates why we're having difficulties. I'm personally hoping to install newer versions of apps onto an older card, which should still be possible. Some research that I had to do on my own and that you could have mentioned here turned up that the default key was changed from a known value to a random value, reducing the value of the YubiKey, but not reducing the cost. It would be nice if there were some way to algorithmically determine our keys and then install apps, but since YubiCo doesn't seem to have documented that process, if it's even possible, simply saying "This only works on YubiKey Neo with serial numbers less than 300000 or on the YubiKey Neo Developer Edition" would have been a better answer..

Page 5 of 6	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/