I've just received my Yubikey NEO in the mail and have been experimenting with its functionality.
I'm currently attempting to set up and use a GPG identity and have encountered a strange problem after following the guide posted to the Yubico blog. As a preface, I'm attempting to do this on Windows 8 x64 and have received a Yubikey NEO v3.1.2.
I've successfully installed gpg4win and generated a new set of keys on the NEO using it, following this I was able to see my key in Kleopatra as was mentioned in the blog (and was able to successfully encrypt/decrypt a file with it). After removing the key and plugging it back in I'm now unable to interface with the yubikey neo through the gpg command line interface. Initially, running 'gpg --verbose --card-status' displays the expected output:
Code:
Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
...
But running 'gpg --card-edit' followed by an administration command, such as 'admin' -> 'sex' -> 'M', or any other command which directly interfaces with the card displays a "Card Error". Attempting to encrypt/decrypt via kleopatra simply yields a failure. Looking at my device manager I see the exepcted devices (at least one other forum thread had multiple card readers) (image attached).
Furthermore, it appears that what I'm seeing is a phantom of sorts, as killing all gpg-agent and scdaemon and attempting 'gpg --verbose --card-status' yields
Code:
gpg: no running gpg-agent - starting one
gpg: waiting 5 seconds for the agent to come up
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error
indicating it simply refuses to see the NEO after it's been disconnected/reconnected.
Ultimately it seems the only way to continue to use my Yubikey NEO for GPG operations is to kill gpg-agent and scdaemon, disconnect/reconnect the Yubikey (now that I think about it, rerun 'gpg --verbose --card-status' (relaunching gpg-agent) and then continue use with Kleopatra. (
I'm not sure if I'm doing something wrong, if this is a bug in gpg4win, or if this has something to do with Yubikey NEO, but I figured here would be a good place to start =).
As a side question: The blog post mentioned that the private key on the Yubikey NEO could never be recovered (which is the whole point!), but it seems that Kleopatra indicates that the secret key is "available" and it even lets me export it (right click on the cert -> export secret key) producing what looks like a valid PGP private key block; what exactly am I seeing? Is Kleopatra able to extract the private key from the Yubikey NEO?
Thanks!
Login
FAQ
Search
