Yubico Forum

Thank you Jakob!

With your source code, running under JCOP Tools in Eclipse / Windows 7, here's my output:



So the key generation works (takes about 15 seconds), the signature initialization works (132ms) but the actual signing fails (the error code appears after about 30-40 seconds).

What happens when you try it?

Thank you,
Razvan

Hello again everyone,

The guys at Yubico have been kind enough to provide me with a second Neo to test on and everything works fine on the new one (RSA signatures with small inputs take about 1.5 seconds, they no longer hang for 30-40 seconds then return a timeout error).

The firmware version is the same (3.1.2) and I can't spot any differences in the ATR or the response to "/identify" in JCOP Tools. As far as I can tell the two Neos are identical, but one can sign just fine while the other one times out. This is with the exact same applet, same procedure to deploy, etc. It works on the new one and fails on the old one.

I wonder if this could be a hardware issue - the old unit has seen a lot more use (a lot of flash writes), but the problem appears to have something to do with the random number generator. Maybe the RNG is faulty on the old unit and the card fails to get enough secure random bytes to do its padding for the RSA signature.

Any ideas what I could try next?

Thanks again to the Yubico team for providing me with a replacement unit.

Razvan