Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Yubikey Neo Pin entry not working properly on Ubuntu 15.04 #73

Closed
karlgrz opened this issue Jul 31, 2015 · 8 comments
Closed

Yubikey Neo Pin entry not working properly on Ubuntu 15.04 #73

karlgrz opened this issue Jul 31, 2015 · 8 comments

Comments

@karlgrz
Copy link

karlgrz commented Jul 31, 2015

Greetings,

I just went through setting up a Yubikey NEO with pass.

I got all the keys exported properly, and went and re-encrypted all my entries with the new subkey. The Yubikey is successfully working on the CLI and also on android-password-store on my phone with Openkeychain.

When I try to open a password entry in qtpass now I see the following:

untitled

Let me know if there's anything else I can provide to help diagnose.
@karlgrz
Copy link
Author

karlgrz commented Jul 31, 2015

Also should mention I just pulled from source about 15 minutes ago, version 0.9.2

@karlgrz
Copy link
Author

karlgrz commented Jul 31, 2015

So, after disabling gnome-keyring-daemon at startup, restarting, and then starting up qtpass, it prompted me for my Yubikey NEO pin on the first password edit click. This was successful!

But when I tried again, I see this error:

gpg: can't connect to the agent - trying fall back
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
gpg: selecting openpgp failed: Card error
gpg: decryption failed: No secret key

@karlgrz
Copy link
Author

karlgrz commented Jul 31, 2015

I'll also note that I was prompted for the pin again when I tried from CLI. Not sure if that matters but maybe it's similar to that problem I had with gnome-keyring before?

#60

@karlgrz karlgrz changed the title Yubikey Neo not detected on Ubuntu 15.04 Yubikey Neo Pin entry not working properly on Ubuntu 15.04 Jul 31, 2015
@karlgrz
Copy link
Author

karlgrz commented Jul 31, 2015

Ok, resolved my problem myself. In case anyone else has this problem in the future, here is how I solved it.

I disable gnome-keyring on startup.

I did not have a ~/.gnupg/gpg-agent.conf set up. In it I added this:

enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

Restarted, and now it works nicely, and I only get prompted one time for the pin, not once for the CLI and once for qtpass.

@karlgrz karlgrz closed this as completed Jul 31, 2015
@annejan
Copy link
Member

annejan commented Aug 1, 2015

Thanks for reporting and fixing this.

This is an awesome find, I'll add this to the README or FAQ later today!

@karlgrz
Copy link
Author

karlgrz commented Aug 1, 2015

No problem! I'll update myself, if you want, but won't be able to get to it this weekend.

I forgot I also had to update my .bashrc with this :

# OpenPGP applet support for YubiKey NEO
if [ ! -f /tmp/gpg-agent.env ]; then
    killall gpg-agent;
        eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);
fi
. /tmp/gpg-agent.env

@nh2
Copy link
Contributor

nh2 commented Mar 11, 2016

eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);

@karlgrz This is confusing: You eval the output of gpg-agent, but you also redirect it? Then the output should be the empty string, so the eval seems unnecessary.

@karlgrz
Copy link
Author

karlgrz commented Mar 11, 2016

@nh2 no arguments, you're right. Probably just forgot to clean that up, ¯_(ツ)_/¯. Nice catch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@annejan @nh2 @karlgrz