Yubikey Neo Pin entry not working properly on Ubuntu 15.04 #73

Closed
karlgrz opened this Issue Jul 31, 2015 · 8 comments


karlgrz commented Jul 31, 2015

Greetings,

I just went through setting up a Yubikey NEO with pass.

I got all the keys exported properly, and went and re-encrypted all my entries with the new subkey. The Yubikey is successfully working on the CLI and also on android-password-store on my phone with Openkeychain.

When I try to open a password entry in qtpass now I see the following:

[image: untitled]

Let me know if there's anything else I can provide to help diagnose.

karlgrz commented Jul 31, 2015

Also should mention I just pulled from source about 15 minutes ago, version 0.9.2

karlgrz commented Jul 31, 2015

So, after disabling gnome-keyring-daemon at startup, restarting, and then starting up qtpass, it prompted me for my Yubikey NEO pin on the first password edit click. This was successful!

But when I tried again, I see this error:

gpg: can't connect to the agent - trying fall back
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
gpg: selecting openpgp failed: Card error
gpg: decryption failed: No secret key

karlgrz commented Jul 31, 2015

I'll also note that I was prompted for the pin again when I tried from CLI. Not sure if that matters but maybe it's similar to that problem I had with gnome-keyring before?

#60

@karlgrz karlgrz changed the title from Yubikey Neo not detected on Ubuntu 15.04 to Yubikey Neo Pin entry not working properly on Ubuntu 15.04 Jul 31, 2015

karlgrz commented Jul 31, 2015

Ok, resolved my problem myself. In case anyone else has this problem in the future, here is how I solved it.

I disable gnome-keyring on startup.

I did not have a ~/.gnupg/gpg-agent.conf set up. In it I added this:

enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

Restarted, and now it works nicely, and I only get prompted one time for the pin, not once for the CLI and once for qtpass.

@karlgrz karlgrz closed this Jul 31, 2015

Member

annejan commented Aug 1, 2015

Thanks for reporting and fixing this.

This is an awesome find, I'll add this to the README or FAQ later today!

karlgrz commented Aug 1, 2015

No problem! I'll update it myself, if you want, but won't be able to get to it this weekend.

I forgot I also had to update my .bashrc with this:

# OpenPGP applet support for YubiKey NEO
if [ ! -f /tmp/gpg-agent.env ]; then
    killall gpg-agent;
    eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);
fi
. /tmp/gpg-agent.env

nh2 commented Mar 11, 2016

eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);

@karlgrz This is confusing: You eval the output of gpg-agent, but you also redirect it? Then the output should be the empty string, so the eval seems unnecessary.

karlgrz commented Mar 11, 2016

@nh2 no arguments, you're right. Probably just forgot to clean that up, ¯_(ツ)_/¯. Nice catch.
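
The redirect-inside-`eval` point raised above, as an added example that is not code from this thread or from QtPass. It also keeps the environment file out of `/tmp`: `/tmp/gpg-agent.env` is a fixed name in a world-writable directory that `.bashrc` then sources, so the example uses a user-only directory and checks the file before sourcing it. Assumptions: `fake_agent` is a hypothetical stand-in for `gpg-agent --daemon --enable-ssh-support` with constructed output, and the function names and the directory passed to `load_agent_env` are illustrative.

```shell
#!/bin/sh
# Added example. fake_agent is a hypothetical stand-in for
# `gpg-agent --daemon --enable-ssh-support`; its output is constructed.
fake_agent() {
    echo 'GPG_AGENT_INFO=/constructed/S.gpg-agent:4242:1; export GPG_AGENT_INFO;'
    echo 'SSH_AUTH_SOCK=/constructed/S.gpg-agent.ssh; export SSH_AUTH_SOCK;'
}

# The form quoted in the thread: stdout is redirected into the file, so the
# command substitution expands to nothing. Prints what eval would receive.
captured_by_eval() {
    printf '%s' "$(fake_agent > "$1")"
}

# True only for a regular file (not a symlink) owned by the current user
# and not writable by group or others.
env_file_is_safe() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# Write the agent's output into a directory only this user can enter
# (assumption: something like "$XDG_RUNTIME_DIR/gnupg-env"), then source it.
load_agent_env() {
    envfile=$1/gpg-agent.env
    ( umask 077 && mkdir -p "$1" && chmod 700 "$1" ) || return 1
    if ! env_file_is_safe "$envfile"; then
        rm -f "$envfile"
        ( umask 077 && fake_agent > "$envfile" ) || return 1
    fi
    . "$envfile"
}
```

In a real `.bashrc`, `fake_agent` would be replaced by the actual agent invocation; the variables only reach the shell through the final `.` line, which is why the `eval` in the original snippet contributes nothing.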
