As shown here, ykneomgr can access the yubikey but gpg2 doesn't detect it.
┌[z@qrta]─[23058295-0494-4020-a9fd-bdc88a23dfcd]
└[$]> ykneomgr -m -d
Trying reader 0: Alcor Micro AU9540 00 00
SCardConnect 2148532236
Trying reader 1: Yubico Yubikey NEO OTP+CCID 01 00
--> 13: 00 a4 04 00 08 a0 00 00 05 27 20 01 01
<-- 12: 03 04 01 01 85 07 82 00 00 00 90 00
versionMajor 3
versionMinor 4
versionBuild 1
pgmSeq 1
touchLevel 34055
mode 82
crTimeout 0
autoEjectTime 0
--> 4: 00 01 10 00
<-- 6: 00 37 9e 77 90 00
serialno 3645047
82
┌[z@qrta]─[23058295-0494-4020-a9fd-bdc88a23dfcd]
└[$]> ./gpg.sh --debug-level guru --edit-key BCF7D141
gpg: WARNING: unsafe permissions on homedir '/run/media/gpio/23058295-0494-4020-a9fd-bdc88a23dfcd'
gpg (GnuPG) 2.1.7; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
[... snip ...]
gpg> addcardkey
gpg: DBG: chan_4 -> SCD SERIALNO openpgp
gpg: DBG: chan_4 <- ERR 100663408 Card not present <SCD>
gpg: selecting openpgp failed: Card not present
gpg: key operation not possible: Card not present
gpg.sh is a short script to run gpg2 off my usb key:
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg2 --homedir="$DIR" "$@"
PCSCD is running:
┌[z@qrta]─[23058295-0494-4020-a9fd-bdc88a23dfcd]
└[$]> systemctl status pcscd
● pcscd.service - PC/SC Smart Card Daemon
Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor preset: disabled)
Active: active (running) since Tue 2015-09-08 12:39:30 BST; 30min ago
Main PID: 2136 (pcscd)
CGroup: /system.slice/pcscd.service
└─2136 /usr/bin/pcscd --foreground --auto-exit
Sep 08 12:40:52 qrta pcscd[2136]: 00000008 readerfactory.c:1043:RFInitializeReader() Open Port 0x200001 .../019)
Sep 08 12:40:52 qrta pcscd[2136]: 00000002 readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+CCID...iled.
Sep 08 12:55:36 qrta pcscd[2136]: 99999999 ccid_usb.c:747:WriteUSB() write failed (1/19): -4 LIBUSB_ERRO...EVICE
Sep 08 12:55:47 qrta pcscd[2136]: 11253033 ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Sep 08 12:55:47 qrta pcscd[2136]: 00000007 readerfactory.c:1043:RFInitializeReader() Open Port 0x200000 .../020)
Sep 08 12:55:47 qrta pcscd[2136]: 00000002 readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+CCID...iled.
Sep 08 13:01:34 qrta pcscd[2136]: 99999999 ccid_usb.c:747:WriteUSB() write failed (1/20): -4 LIBUSB_ERRO...EVICE
Sep 08 13:06:07 qrta pcscd[2136]: 99999999 ifdhandler.c:130:CreateChannelByNameOrChannel() failed
Sep 08 13:06:07 qrta pcscd[2136]: 00000007 readerfactory.c:1043:RFInitializeReader() Open Port 0x200000 .../021)
Sep 08 13:06:07 qrta pcscd[2136]: 00000003 readerfactory.c:335:RFAddReader() Yubico Yubikey NEO OTP+CCID...iled.
Hint: Some lines were ellipsized, use -l to show in full.
Last edited by gpio (2015-09-08 12:11:23)
Okay, I got GPG2 to detect it. I'm not entirely sure which solution I tried made it work, but I found this article http://forum.yubico.com/viewtopic.php?f=26&t=1878 and added the appropriate line to scdaemon.conf.
I then started gpg-agent from my usb drive with `gpg-agent --homedir="$(pwd)"`
┌[z@qrta]─[2ed36dd9-75df-4fc4-aaee-e4cf5e8c8de6]
└[$]> ./gpg.sh --card-edit
gpg: WARNING: unsafe permissions on homedir '/run/media/gpio/2ed36dd9-75df-4fc4-aaee-e4cf5e8c8de6'
Application ID ...: D2760001240102000006036450470000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03645047
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 2
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
However, trying to do anything with the thing just gives a Card error:
gpg> addcardkey
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select the type of key to generate:
(1) Signature key
(2) Encryption key
(3) Authentication key
Your selection? 1
gpg: error clearing forced signature PIN flag: Card error
The card errors appear to count toward failed admin passwords, since I'm now locked out of the device. I have a spare fortunately. Attempting to reset the yubikey gives "Card removed":
┌[z@qrta]─[2ed36dd9-75df-4fc4-aaee-e4cf5e8c8de6]
└[$]> gpg-connect-agent --hex --homedir="$(pwd)"
> scd apdu 00 e6 00 00
ERR 100663406 Card removed <SCD>
> scd apdu 00 e6 00 00
ERR 100663406 Card removed <SCD>
Last edited by gpio (2015-09-08 13:22:38)
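
Added example, not part of the original thread: the `--card-edit` output above includes a `PIN retry counter` line, and this POSIX shell function summarises it so the remaining tries are visible before an admin operation is attempted. It assumes GnuPG's field order (user PIN, reset code, admin PIN); the function name `pin_retry_report` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): summarise the
# "PIN retry counter" line of `gpg --card-status` / `--card-edit` output.
# Assumption: GnuPG prints the counters in the order
# user PIN, reset code, admin PIN.

# Reads card status text on stdin and prints one line per PIN.
# Returns 0 if every PIN has tries left, 1 if any PIN is blocked,
# 2 if no well-formed counter line was found.
pin_retry_report() {
    counters=$(sed -n 's/^PIN retry counter *: *//p' | head -n 1)
    # Split the counters into $1 $2 $3 (function-local positional params).
    set -- $counters
    [ "$#" -eq 3 ] || return 2
    status=0
    for name in "user PIN" "reset code" "admin PIN"; do
        tries=$1; shift
        case $tries in
            ''|*[!0-9]*) return 2 ;;
        esac
        if [ "$tries" -eq 0 ]; then
            echo "$name: blocked (0 tries left)"
            status=1
        elif [ "$tries" -eq 1 ]; then
            echo "$name: 1 try left, a further failure blocks it"
        else
            echo "$name: $tries tries left"
        fi
    done
    return "$status"
}

# Constructed sample input, modelled on the status fields shown in the post.
SAMPLE_STATUS='Signature PIN ....: forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 2
Signature counter : 0'

printf '%s\n' "$SAMPLE_STATUS" | pin_retry_report || echo "(exit status $?)"
```

Against a live card the same function can be fed with `gpg2 --homedir="$DIR" --card-status | pin_retry_report`.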