Yubico Forum

 Post subject: Yubikey NEO and gpg4win
PostPosted: Sat Apr 13, 2013 11:59 pm 
I've just received my Yubikey NEO in the mail and have been experimenting with its functionality.

I'm currently attempting to set up and use a GPG identity and have encountered a strange problem after following the guide posted to the Yubico blog. As a preface, I'm attempting to do this on Windows 8 x64 and have received a Yubikey NEO v3.1.2.

I've successfully installed gpg4win and generated a new set of keys on the NEO using it. Following this, I was able to see my key in Kleopatra as was mentioned in the blog (and was able to successfully encrypt/decrypt a file with it). After removing the key and plugging it back in, I'm now unable to interface with the Yubikey NEO through the gpg command line interface. Initially, running 'gpg --verbose --card-status' displays the expected output:

Code:
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
...


But running 'gpg --card-edit' followed by an administration command, such as 'admin' -> 'sex' -> 'M', or any other command which directly interfaces with the card displays a "Card Error". Attempting to encrypt/decrypt via Kleopatra simply yields a failure. Looking at my device manager I see the expected devices (at least one other forum thread had multiple card readers) (image attached).

Furthermore, it appears that what I'm seeing is a phantom of sorts, as killing all gpg-agent and scdaemon and attempting 'gpg --verbose --card-status' yields

Code:
gpg: no running gpg-agent - starting one
gpg: waiting 5 seconds for the agent to come up
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error


indicating it simply refuses to see the NEO after it's been disconnected/reconnected.

Ultimately it seems the only way to continue to use my Yubikey NEO for GPG operations is to kill gpg-agent and scdaemon, disconnect/reconnect the Yubikey (now that I think about it, rerun 'gpg --verbose --card-status' (relaunching gpg-agent) and then continue use with Kleopatra.

I'm not sure if I'm doing something wrong, if this is a bug in gpg4win, or if this has something to do with Yubikey NEO, but I figured here would be a good place to start =).

As a side question: The blog post mentioned that the private key on the Yubikey NEO could never be recovered (which is the whole point!), but it seems that Kleopatra indicates that the secret key is "available" and it even lets me export it (right click on the cert -> export secret key) producing what looks like a valid PGP private key block; what exactly am I seeing? Is Kleopatra able to extract the private key from the Yubikey NEO?

Thanks!



PostPosted: Mon Apr 15, 2013 7:30 am 
Site Admin
Hello,

In these situations it should be enough to kill any scdaemon processes and try again. I believe this to be an issue with scdaemon but it's not tracked down that I know of.
Yes, Kleopatra and other tools will list that there is a secret key available; this should only be a "stub" though. I'm unsure about what you get if you try to export it.

/klas
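
Whether an export is only the "stub" mentioned in the reply can be checked from the file itself. The following is an added example, not code from this thread or from GnuPG: it parses binary OpenPGP data and reports whether each secret-key packet uses GnuPG's S2K extension (type 101, "GNU", mode 1002 "divert to card"), which records only a card serial number and no private key material. It handles v4 RSA keys only, and the sample bytes are constructed.

```python
import struct

def packets(data):
    """Yield (tag, body) for each packet in binary (de-armored) OpenPGP data."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]; pos += 1
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[pos]; pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[pos] + 192; pos += 1
            elif first == 255:
                length = struct.unpack_from(">I", data, pos)[0]; pos += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            n = 0 if ltype == 3 else 1 << ltype
            length = int.from_bytes(data[pos:pos + n], "big") if n else len(data) - pos
            pos += n
        yield tag, data[pos:pos + length]
        pos += length

def classify(body):
    """Say what the secret part of a v4 RSA secret-key packet body holds."""
    if body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("only v4 RSA keys handled in this example")
    pos = 6
    for _ in range(2):                          # skip public MPIs n and e
        pos += 2 + (struct.unpack_from(">H", body, pos)[0] + 7) // 8
    usage, s2k = body[pos], body[pos + 2:]      # s2k starts after the cipher octet
    if usage in (254, 255) and s2k[0] == 101 and s2k[2:5] == b"GNU":
        if s2k[5] == 1:                         # GnuPG mode 1001: gnu-dummy
            return ("no-secret", None)
        if s2k[5] == 2:                         # GnuPG mode 1002: divert to card
            return ("card-stub", s2k[7:7 + s2k[6]].hex().upper())
    return ("plaintext-secret" if usage == 0 else "encrypted-secret", None)

def scan(data):
    """Classify every secret key (tag 5) and secret subkey (tag 7) packet."""
    return [(tag, *classify(body)) for tag, body in packets(data) if tag in (5, 7)]

# Constructed sample: tiny fake RSA public part plus a card-stub S2K block.
PUB = b"\x04" + bytes(4) + b"\x01" + b"\x00\x10\xc3\x5b" + b"\x00\x11\x01\x00\x01"
SERIAL = bytes.fromhex("D2760001240102000000000000010000")  # AID shown in the post
BODY = PUB + bytes([255, 0, 101, 2]) + b"GNU" + bytes([2, len(SERIAL)]) + SERIAL
SAMPLE_STUB = bytes([0x94, len(BODY)]) + BODY   # old-format header, tag 5
```

To check a real export, pass `scan()` the bytes of a binary `gpg --export-secret-keys` output (run an armored export through `gpg --dearmor` first). A `card-stub` result for every packet means the file holds only references to the card.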

