Yubico Forum


All times are UTC + 1 hour




PostPosted: Sun Oct 12, 2014 4:56 am 

Joined: Sun Mar 24, 2013 11:07 am
Posts: 12
I would like to place my new OpenPGP keys onto my NEO, but I am having difficulty. My NEO is a bit on the old side, purchased Spring 2013. It is firmware version 3.1.2 with OpenPGP applet version 1.0.5 installed. I am using Windows 8.1 (yes, I can hear you groan from here) and have done a lot of googling and reading. It is a bit challenging to translate Linux procedures into Windows procedures, but I've had good success up to this point. I am primarily using Simon Josefsson's blog post as well as the HOW-TO sticky in this forum as my primary references for transferring keys to the NEO.

I created an RSA-4096 "master" key (Sign, Certify only) with 3 RSA-2048 subkeys for sign, encrypt, and authenticate (which I don't really need). My current keyring only contains the subkeys, having removed the "master" secret subkey for safe-keeping. My NEO is set in HID+CCID with touch eject (-m82) mode. Obviously, I want to move the 3 subkeys onto my NEO.

When I execute the cardtokey command, I currently receive the following message:

Code:
gpg: error getting current key info: General error


However, when I first attempted the keytocard command several hours ago, I received a message to the effect of "This card is not capable of importing". I don't know why the messages changed and how to get back to receiving the first message. I would like to get back to that point, since it seems to me that the gpg2 application was at least attempting to communicate with the NEO. Right now, I am not so sure this is the case.

When I use the --card-status command, I receive the following:

Code:
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]


Where do I go from here on a Windows machine? Am I actually communicating with the NEO? Is it even possible to import keys to a version 3.1.2 NEO?



PostPosted: Mon Oct 13, 2014 1:23 pm 
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Update the applet to version 1.0.6 using the Yubikey NEO manager latest version with the -developer option -d lowercase.

Then follow this tutorial
http://blog.josefsson.org/2014/06/23/of ... smartcard/

_________________
-Tom


PostPosted: Mon Oct 13, 2014 5:04 pm 

Joined: Sun Mar 24, 2013 11:07 am
Posts: 12
Tom,

Thanks for the reply. I am still a bit lost though. I downloaded the newest version of the NEO Manager GUI (0.2.2) from the Yubico developers page (I am not a developer, not even close). I also downloaded the CAP file of the most up-to-date version of the OpenPGP applet (1.0.8). However, now I am stuck. I don't know how to install the CAP file onto the NEO.

The previous version of the NEO manager included an "Install from CAP file" button, but version 0.2.2 does not have such a button. I looked at the GPShell stuff, but can't make it work and my anti-virus program doesn't like it which makes me a bit uncomfortable.

I don't know what you mean by
Quote:
Yubikey NEO manager latest version with the -developer option -d lowercase.


PostPosted: Tue Oct 14, 2014 8:23 am 
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
You need to run the Yubikey NEO manager from the console (Terminal) with the -d option to enable developer mode and to be able to install applets.

For example:

prompt$ ./ykneomanager -d

or

c:\path\to\file\ykneomanager.exe -d

_________________
-Tom


PostPosted: Wed Oct 22, 2014 5:24 pm 

Joined: Wed Oct 22, 2014 5:16 pm
Posts: 5
Sometimes I have issues with my Yubikey OpenPGP not being recognised properly - the solution to this is to remove the Yubikey, kill the 'GnuPG private key daemon' and 'GnuPG smartcard daemon' processes in Task Manager, then reinsert my Yubikey. Works like a charm every time.


PostPosted: Thu Oct 23, 2014 10:31 am 
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Yes, especially on Windows :)

_________________
-Tom

