Yubico Forum

Due to problems with my Yubikey NEO, I just ordered a new Yubikey 4. I would like to configure it with Open PGP, and per the documentation here(https://developers.yubico.com/PGP/Importing_keys.html), started with the following:

>gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye

But I get the error:

ERR 100663406 Card removed <SCD>

I realize this may be because I have not configured the Open PGP Applet, but am unsure whether best practice is now to do this from the Yubikey Personalization Tool GUI, or using ykpersonalize as indicated on the following page (last updated in 2012): https://www.yubico.com/2012/12/yubikey-neo-openpgp/ which is only for the NEO (I couldn't find Yubikey 4-specific documentation) and seems to suggest using the command-line ykpersonalize package, which does not seem to be preferred at this point.

In the Yubikey Personalization Tool GUI, however, it is not obvious how and/or where to configure the Open PGP Applet so that I can move a key onto the device.

Suggestions would be most welcome. I am running GPG 2.0.27.

Mode switching should be done with the YubiKey NEO Manager (https://developers.yubico.com/yubikey-n ... /Releases/ - yes it works for the 4 and Edge as well). ykpersonalize is the alternative, but if you happen to disable OTP, the NEO Manager is the only app that will be able to fix it. The YubiKey 4 already comes with CCID mode enabled, so you shouldn't have to use either application anyway. It's ready to use with OpenPGP as soon as you receive it.

"gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye" also should never have to be run on a YubiKey 4, as the purpose of the command is to confirm you have a NEO OpenPGP applet 1.0.6 or newer. If you've purchased a NEO or YubiKey 4 since around summer of 2014, you don't have to worry about this.

Getting that error from attempting to check the applet version most likely means you locked out your PIN and / or Admin PIN. Please reset the OpenPGP applet by running the script at the bottom of this page:

https://developers.yubico.com/ykneo-ope ... pplet.html

Thanks! I already tried to reset the applet, but keep getting the same error. I know the documentation said to continue with the process regardless, but since I'm not seeing any results I can't tell when the applet has gotten to C0 to know that it's been reset.

In the meantime, I tried it on another OS (Mac) and it was recognized. But when I try to move the key onto it, it requests an Admin PIN, which I have never configured. I have not found a default mentioned in the related documentation. Is there somewhere I can find this?

Thanks again.

If memory serves, the default Admin PIN is "12345678" (without quotes).

Make sure to change it.

That is correct.

Default PIN = 123456 (must be 6 characters minimum)
Default Admin PIN = 12345678 (must be 8 characters minimum)

I tried to get mine working, but so far nothing helped. only "card error"s, "access denied"s and messages like that.

Hello!

Have you installed scdaemon? I had the same problem till I install it.

Good luck