I've got a YubiKey 4 running firmware 4.2.7. It works fine, in that I've successfully got keys loaded and I've tested encryption/decryption/signing working on a machine different than the one I set it all up on.
However, there is an odd problem and I feel I may have missed something silly. Note that this is happening on Windows and on OSX, but the commonality on both is I haven't ever used gpg-agent in the past.
So, on to the problem! gpg-agent runs scdaemon. This is normal. However, if I remove my YubiKey and come back later, and reinsert it... it looks like scdaemon doesn't "see" the card correctly and I get weird results back - sometimes things act like the card is there, sometimes not. Additionally, an example of some oddness is the PIN length and PIN failure count fields reported back by gpg --card-status all show 0, instead of actual values. I'm suspecting some stuff is perhaps being cached by gpg/scdaemon?
To fix this, I have to kill the gpg-agent and scdaemon processes manually. When they are started again by a subsequent usage of gpg, it works again - and continues working until I pull the YubiKey later on.
Do I need to do anything specifically to make it behave nicely if the key is going to be sporadically detached/reattached? Or am I destined to have to killall gpg-agent && killall scdaemon every time?
The only thing I don't really understand that I've done in the process of following various tutorials is to set "mode 86" on my key. Does 6 vs 86 have anything to do with these shenanigans? Much of the documentation that references this mode setting is either very old or flies over my head. I did notice that when the agent is successfully pulling data from the card, if I were to start the NEO Manager, it can't view applet details. Presumably scdaemon is "locking" the card somehow - don't know if that's important/unusual.
Final note: on the Windows (8.1) box, I'm running the official GPG "Modern" 2.1.0 build. On the OSX (El Capitan) box, GPGTools v2015.09.
Of course I'm happy to provide any other detail/data that might be required.
Cheers!