Yubico Forum

Posted: Mon Oct 26, 2015 2:45 am
Greetings!

New Yubikey NEO owner here..

So I was testing a few things out using my new Yubikey and generated all 3 OpenPGP keys (E, S, A) off a GnuPG base key.

Everything went well but I messed up my keysize so I restarted without posting the key(s) to a keyserver.

After generating the base key offline, I then created the 3 Yubikey keys and everything worked well; however, the old key ID didn't seem to update. It's still in reference to the old key ID, and no matter what URL I place in the Yubikey, it still tries to update the old key and never pulls in the new ID.

Here is a snapshot of the key details:

Code:
Application ID ...: D2760001240102000006038127890000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: [REDACTED]
Name of cardholder: Richard T. Berg
Language prefs ...: en
Sex ..............: male
URL of public key : http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x605501E49B5026D5
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: [REDACTED]
      created ....: 2015-10-25 22:00:20
Encryption key....: [REDACTED]
      created ....: 2015-10-25 21:55:08
Authentication key: [REDACTED]
      created ....: 2015-10-25 22:01:12
General key info..:
pub  2048R/0x78F33417319EDF96 2015-10-25 Richard T. Berg <rberg@neo.rr.com>
sec#  3744R/0x605501E49B5026D5  created: 2015-10-25  expires: never
ssb>  2048R/[REDACTED] created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]
ssb>  2048R/[REDACTED]  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]
ssb>  2048R/[REDACTED]  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 [REDACTED]


As you can see, the public key ID should be 9B5026D5; however, the public on the Yubikey is set to the old 319EDF96.

If I update the URL to a proper keyserver link to my new Key ID and issue a fetch, it comes back unchanged. I've tried several dump URLs such as pastebin, my own webserver, everything, and it still will NOT update the public key on the Yubikey to the one I generated second.

Code:
gpg/card> fetch
gpg: requesting key 0x78F33417319EDF96 from http server keyserver.ubuntu.com
gpg: key 0x605501E49B5026D5: "Richard T. Berg <rberg@neo.rr.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1


What am I doing wrong here?
Help? Suggestions?

Thanks!
~Richard


Last edited by RBerg on Mon Oct 26, 2015 5:21 pm, edited 1 time in total.

Posted: Mon Oct 26, 2015 4:38 pm
I have checked again and in fact, the key in the Public Info area of the key is actually the signature key ID of the Yubikey key.

While this technically is *better* than using the old Public Key from the previous testing, I now have issues signing any files, resulting in the error(s):

Code:
>gpg -esa --default-key 9B5026D5 test.txt
gpg: no default secret key: Unusable secret key
gpg: test.txt: sign+encrypt failed: Unusable secret key


It seems I'm unable to sign anything with the Signing cert on the Yubikey.
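
Added example (not part of the original posts, and not Yubico's or GnuPG's code): the post above found that the `pub` line under "General key info" carried the card's signature key ID rather than a stale primary key. This Python helper classifies that line from pasted `gpg --card-status` text; the sample listing, every key ID in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the `gpg --card-status` layout quoted in the thread; all IDs are made up.
SAMPLE = """\
URL of public key : http://keys.example/pks/lookup?op=get&search=0x1111AAAA2222BBBB
General key info..:
pub  2048R/0x3333CCCC4444DDDD 2015-10-25 Test User <test@example.org>
sec#  3744R/0x1111AAAA2222BBBB  created: 2015-10-25  expires: never
ssb>  2048R/0x3333CCCC4444DDDD  created: 2015-10-25  expires: 2016-10-24
                      card-no: 0006 00000001
ssb>  2048R/0x5555EEEE6666FFFF  created: 2015-10-25  expires: 2016-10-24
"""

KEY_LINE = re.compile(r"^(pub|sec|ssb)[#>]?\s+\S+/(?:0x)?([0-9A-Fa-f]+)")
URL_ID = re.compile(r"search=(?:0x)?([0-9A-Fa-f]+)")

def same_key(a, b):
    """Match short and long key IDs by comparing the shorter one to the tail."""
    a, b = a.upper(), b.upper()
    return a.endswith(b) or b.endswith(a)

def parse_card_status(text):
    """Pull the URL key ID and the pub/sec/ssb key IDs out of the listing."""
    info = {"url_id": None, "pub": None, "sec": None, "ssb": []}
    for line in text.splitlines():
        if line.startswith("URL of public key") and (m := URL_ID.search(line)):
            info["url_id"] = m.group(1)
        elif (m := KEY_LINE.match(line)):  # skips card-no and redacted lines
            kind, keyid = m.groups()
            if kind == "ssb":
                info["ssb"].append(keyid)
            else:
                info[kind] = keyid
    return info

def classify_pub(info):
    """Say which key the 'pub' line names: primary, subkey or unrelated."""
    pub, sec = info["pub"], info["sec"]
    if not pub or not sec:
        return "incomplete"
    if same_key(pub, sec):
        return "primary"
    if any(same_key(pub, s) for s in info["ssb"]):
        return "subkey"
    return "unrelated"

def url_names_primary(info):
    """True when the card's URL field searches for the primary (sec) key ID."""
    return bool(info["url_id"] and info["sec"]) and same_key(info["url_id"], info["sec"])
```

A result of `"subkey"` with `url_names_primary` true corresponds to the situation described in this post; `"unrelated"` would instead point at a key that is not part of the listed primary key.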


Posted: Tue Oct 27, 2015 10:59 pm
*Update*

I just went ahead and revoked the keys and started over again.

Generating a new key, for Certify only and then 3 separate subkeys; 1 each for Encryption, Signing and Authentication, I was able to back them up to my offline storage and 'keytocard' them.

I have tested these new keys and everything seems to be working. Prior I was getting the 'Unusable Secret Key' error on doing ANY signing with the key on the Yubikey but these are now working as intended.

Thanks for a great product!
~Richard

