Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 6:23 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Mon Dec 09, 2013 7:09 am 
Offline

Joined: Mon Dec 09, 2013 6:44 am
Posts: 4
I'm playing around with a new Yubikey Neo. I've been trying to load the latest version of the OpenPGP applet (https://github.com/Yubico/ykneo-openpgp), but am encountering issues.

I've followed the directions on both the applet github page and on the "How to install an applet" forum thread (viewtopic.php?f=26&t=1159). I have globalplatform-6.0.0, gppcscconnectionplugin-1.1.0, gpshell-1.4.4, and libykneomgr (https://github.com/Yubico/libykneomgr) all built from source and installed to /usr/local/:

Code:
$ ls -al /usr/local/bin/
drwxr-xr-x 1 root root   100 Dec  8 21:05 .
drwxr-xr-x 1 root root    96 Sep 24 21:43 ..
...
-rwxr-xr-x 1 root root 97380 Oct 24 21:08 gpshell
-rwxr-xr-x 1 root root 55689 Dec  8 21:05 ykneomgr
...


Code:
$ ls -al /usr/local/lib/
drwxr-xr-x 1 root root     734 Dec  8 21:05 .
drwxr-xr-x 1 root root      96 Sep 24 21:43 ..
...
-rw-r--r-- 1 root root  851226 Oct 24 21:05 libglobalplatform.a
-rwxr-xr-x 1 root root    1042 Oct 24 21:05 libglobalplatform.la
lrwxrwxrwx 1 root root      26 Oct 24 21:05 libglobalplatform.so -> libglobalplatform.so.6.0.0
lrwxrwxrwx 1 root root      26 Oct 24 21:05 libglobalplatform.so.6 -> libglobalplatform.so.6.0.0
-rwxr-xr-x 1 root root  559391 Oct 24 21:05 libglobalplatform.so.6.0.0
-rw-r--r-- 1 root root   49054 Oct 24 21:07 libgppcscconnectionplugin.a
-rwxr-xr-x 1 root root    1151 Oct 24 21:07 libgppcscconnectionplugin.la
lrwxrwxrwx 1 root root      34 Oct 24 21:07 libgppcscconnectionplugin.so -> libgppcscconnectionplugin.so.1.0.1
lrwxrwxrwx 1 root root      34 Oct 24 21:07 libgppcscconnectionplugin.so.1 -> libgppcscconnectionplugin.so.1.0.1
-rwxr-xr-x 1 root root   41346 Oct 24 21:07 libgppcscconnectionplugin.so.1.0.1
-rw-r--r-- 1 root root  156384 Dec  8 21:05 libykneomgr.a
-rwxr-xr-x 1 root root    1051 Dec  8 21:05 libykneomgr.la
lrwxrwxrwx 1 root root      20 Dec  8 21:05 libykneomgr.so -> libykneomgr.so.0.0.2
lrwxrwxrwx 1 root root      20 Dec  8 21:05 libykneomgr.so.0 -> libykneomgr.so.0.0.2
-rwxr-xr-x 1 root root   84166 Dec  8 21:05 libykneomgr.so.0.0.2
drwxr-xr-x 1 root root      56 Dec  8 21:05 pkgconfig
...


My YubiKey Neo is connected, communicating with the ykneomgr utility, and set to the proper mode:

Code:
$ ykneomgr -m
82
$ ykneomgr -w
3.1.2
$ ykneomgr -l
0: Yubico Yubikey NEO OTP+CCID 00 00
$ ykneomgr -a
0: a0000000035350
1: a0000005272001
2: d27600012401
$ lsusb
...
Bus 001 Device 032: ID 1050:0111 Yubico.com
...


I have also white-listed the device in the pcscd config as described at viewtopic.php?f=26&t=982&start=10 (although it appears that this may no longer be necessary).

When I try to use the ykneomgr utility to install the latest OpenPGP cap file (1.0.5), I get the following error (debug enabled):

Code:
$ ykneomgr -d --applet-install=./applet/bin/openpgpcard/javacard/openpgpcard.cap
Trying reader 0: Yubico Yubikey NEO OTP+CCID 00 00
atr length 20
atr: 3b fa 13 00 00 81 31 fe 15 59 75 62 69 6b 65 79 4e 45 4f a6
atr: .  .  .  .  .  .  1  .  .  Y  u  b  i  k  e  y  N  E  O  . 
logicalChannel 0
specVersion 211
--> 13: 00 a4 04 00 08 a0 00 00 05 27 20 01 01
Command --> 00A4040008A000000527200101
Wrapped command --> 00A4040008A000000527200101
Response <-- 030102018507820000009000
<-- 12: 03 01 02 01 85 07 82 00 00 00 90 00
versionMajor 3
versionMinor 1
versionBuild 2
pgmSeq 1
touchLevel 34055
mode 82
crTimeout 0
autoEjectTime 0
--> 4: 00 01 10 00
Command --> 00011000
Wrapped command --> 00011000
Response <-- 0020171C9000
<-- 6: 00 20 17 1c 90 00
serialno 2103068
--> 13: 00 a4 04 00 08 a0 00 00 00 03 00 00 00
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
<-- 105: 6f 65 84 08 a0 00 00 00 03 00 00 00 a5 59 9f 65 01 ff 9f 6e 06 47 91 12 10 38 00 73 4a 06 07 2a 86 48 86 fc 6b 01 60 0c 06 0a 2a 86 48 86 fc 6b 02 02 01 01 63 09 06 07 2a 86 48 86 fc 6b 03 64 0b 06 09 2a 86 48 86 fc 6b 04 02 55 65 0b 06 09 2b 85 10 86 48 64 02 01 03 66 0c 06 0a 2b 06 01 04 01 2a 02 6e 01 02 90 00
Command --> 8050000008006AEF403A50057300
Wrapped command --> 8050000008006AEF403A50057300
Response <-- 00003107002481967007FF02000E2A73D2AF62FF5EF835091943D1CC9000
Command --> 8482030010A1FDBED655CFA31C90C44237A68938A8
Wrapped command --> 8482030010A1FDBED655CFA31C90C44237A68938A8
Response <-- 9000
read_executable_load_file_parameters() returns 0x00000002 (No such file or directory)
error: ykneomgr_applet_install (-4): Backend error


When I try the same operation using the gpshell utility, I also get an error:

Code:
$ gpshell gpinstall.txt
mode_211
enable_trace
establish_context
establish_context failed with error 0xFFFFFFFFFFFFFFFF (libgppcscconnectionplugin.so.1.0.1: cannot open shared object file: No such file or directory)


As you can see from the commands at the top of this post, libgppcscconnectionplugin.so.1.0.1 is installed in /usr/local/lib:

Code:
$ ls -al /usr/local/lib/libgppcscconnectionplugin.so.1.0.1
-rwxr-xr-x 1 root root 41346 Oct 24 21:07 /usr/local/lib/libgppcscconnectionplugin.so.1.0.1


I have run ldconfig and the libraries are up to date.

I have tried both commands as my regular user and as root via sudo. The results are the same either way. I have also tried both the official OpenPGP 1.0.5 release as well as building the latest source in the master branch from GitHub repo. Again, the results are the same both times.

Any thoughts? I'd love to get the new cap file installed, but it's being... temperamental.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Dec 10, 2013 6:02 pm 
Offline

Joined: Mon Dec 09, 2013 6:44 am
Posts: 4
So after playing with it some more (and getting some help from a collaborator), I was able to make gpshell work by appending 'LD_LIBRARY_PATH=/usr/local/lib' to the start of the 'gpshell' command like so:

Code:
$ LD_LIBRARY_PATH=/usr/local/lib gpshell gpinstall.txt
mode_211
enable_trace
establish_context
card_connect
select -AID a000000003000000
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 8050000008528515188DD58C5200
Wrapped command --> 8050000008528515188DD58C5200
Response <-- 00003107002481967007FF020010686CE3CA2C2B4DD91BFB42E4187E9000
Command --> 8482010010AEE8ABC511C364287196E36879C4E08E
Wrapped command --> 8482010010AEE8ABC511C364287196E36879C4E08E
Response <-- 9000
delete -AID D2760001240102000000000000010000
Command --> 80E40080124F10D276000124010200000000000001000000
Wrapped command --> 84E400801A4F10D2760001240102000000000000010000AB3727A37FA0727600
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
delete -AID D27600012401
Command --> 80E40080084F06D2760001240100
Wrapped command --> 84E40080104F06D27600012401FA0DBB4862CD0D6600
Response <-- 6A88
delete() returns 0x80206A88 (6A88: Referenced data not found.)
install -file ./applet/bin/openpgpcard/javacard/openpgpcard.cap -instParam 00 -priv 00
Command --> 80E602001906D2760001240108A0000000030000000006EF04C60228300000
Wrapped command --> 84E602002106D2760001240108A0000000030000000006EF04C602283000EC677C02F02A9E8300
Response <-- 009000
...
Command --> 80E60C003006D2760001240110D276000124010200000000000001000010D2760001240102000000000000010000010003C901000000
Wrapped command --> 84E60C003806D2760001240110D276000124010200000000000001000010D2760001240102000000000000010000010003C9010000F1382EDA79847F3C00
Response <-- 009000
card_disconnect
release_context


Using ykneomgr, however, still leads to an error:

Code:
$ LD_LIBRARY_PATH=/usr/local/lib ykneomgr -d --applet-install=./applet/bin/openpgpcard/javacard/openpgpcard.cap
Trying reader 0: Yubico Yubikey NEO OTP+CCID 00 00
atr length 20
atr: 3b fa 13 00 00 81 31 fe 15 59 75 62 69 6b 65 79 4e 45 4f a6
atr: .  .  .  .  .  .  1  .  .  Y  u  b  i  k  e  y  N  E  O  . 
logicalChannel 0
specVersion 211
--> 13: 00 a4 04 00 08 a0 00 00 05 27 20 01 01
Command --> 00A4040008A000000527200101
Wrapped command --> 00A4040008A000000527200101
Response <-- 030102018507820000009000
<-- 12: 03 01 02 01 85 07 82 00 00 00 90 00
versionMajor 3
versionMinor 1
versionBuild 2
pgmSeq 1
touchLevel 34055
mode 82
crTimeout 0
autoEjectTime 0
--> 4: 00 01 10 00
Command --> 00011000
Wrapped command --> 00011000
Response <-- 0020171C9000
<-- 6: 00 20 17 1c 90 00
serialno 2103068
--> 13: 00 a4 04 00 08 a0 00 00 00 03 00 00 00
Command --> 00A4040008A000000003000000
Wrapped command --> 00A4040008A000000003000000
Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
<-- 105: 6f 65 84 08 a0 00 00 00 03 00 00 00 a5 59 9f 65 01 ff 9f 6e 06 47 91 12 10 38 00 73 4a 06 07 2a 86 48 86 fc 6b 01 60 0c 06 0a 2a 86 48 86 fc 6b 02 02 01 01 63 09 06 07 2a 86 48 86 fc 6b 03 64 0b 06 09 2a 86 48 86 fc 6b 04 02 55 65 0b 06 09 2b 85 10 86 48 64 02 01 03 66 0c 06 0a 2b 06 01 04 01 2a 02 6e 01 02 90 00
Command --> 805000000829DFE5AA1C41DA2100
Wrapped command --> 805000000829DFE5AA1C41DA2100
Response <-- 00003107002481967007FF02001356DB39257EA5C380BEA0D0D4E2D89000
Command --> 8482030010B2B8561E7831E7A7F61018F4EAF3F650
Wrapped command --> 8482030010B2B8561E7831E7A7F61018F4EAF3F650
Response <-- 9000
Command --> 80E602001906D2760001240108A0000000030000000006EF04C60228300000
Wrapped command --> 84E6020028F99CB873BC25BBE8BF7D0D3D735ABB52E7B9D1083109C5E491864FB88192526D1C2B15335582603A00
Response <-- 6985
install_for_load() returns 0x80206985 (6985: Command not allowed - Conditions of use not satisfied.)
error: ykneomgr_applet_install (-4): Backend error


But I now seem (pending verification) to have the latest version of the OpenPGP applet installed via gpshell, so progress! If anyone has any insight into the ykneomgr issue, I'm open to troubleshooting it as well.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 12 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group