Yubikey Neo Pin entry not working properly on Ubuntu 15.04 #73

Closed
karlgrz opened this Issue Jul 31, 2015 · 8 comments

@karlgrz
karlgrz commented Jul 31, 2015

Greetings,

I just went through setting up a Yubikey NEO with pass.

I got all the keys exported properly, and went and re-encrypted all my entries with the new subkey. The Yubikey is successfully working on the CLI and also on android-password-store on my phone with Openkeychain.

When I try to open a password entry in qtpass now I see the following:

[image: untitled]

Let me know if there's anything else I can provide to help diagnose.

@karlgrz
karlgrz commented Jul 31, 2015

Also should mention I just pulled from source about 15 minutes ago, version 0.9.2

@karlgrz
karlgrz commented Jul 31, 2015

So, after disabling gnome-keyring-daemon at startup, restarting, and then starting up qtpass, it prompted me for my Yubikey NEO pin on the first password edit click. This was successful!

But when I tried again, I see this error:

gpg: can't connect to the agent - trying fall back
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
gpg: selecting openpgp failed: Card error
gpg: decryption failed: No secret key

@karlgrz
karlgrz commented Jul 31, 2015

I'll also note that I was prompted for the pin again when I tried from CLI. Not sure if that matters but maybe it's similar to that problem I had with gnome-keyring before?

#60

@karlgrz karlgrz changed the title from Yubikey Neo not detected on Ubuntu 15.04 to Yubikey Neo Pin entry not working properly on Ubuntu 15.04 Jul 31, 2015
@karlgrz
karlgrz commented Jul 31, 2015

Ok, resolved my problem myself. In case anyone else has this problem in the future, here is how I solved it.

I disabled gnome-keyring on startup.

I did not have a ~/.gnupg/gpg-agent.conf set up. In it I added this:

enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

Restarted, and now it works nicely, and I only get prompted one time for the pin, not once for the CLI and once for qtpass.

@karlgrz karlgrz closed this Jul 31, 2015
@annejan
Member
annejan commented Aug 1, 2015

Thanks for reporting and fixing this.

This is an awesome find, I'll add this to the README or FAQ later today!

@karlgrz
karlgrz commented Aug 1, 2015

No problem! I'll update myself, if you want, but won't be able to get to it this weekend.

I forgot I also had to update my .bashrc with this:

# OpenPGP applet support for YubiKey NEO
if [ ! -f /tmp/gpg-agent.env ]; then
    killall gpg-agent;
    eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);
fi
. /tmp/gpg-agent.env

@nh2
nh2 commented Mar 11, 2016

eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);

@karlgrz This is confusing: You eval the output of gpg-agent, but you also redirect it? Then the output should be the empty string, so the eval seems unnecessary.

@karlgrz
karlgrz commented Mar 11, 2016

@nh2 no arguments, you're right. Probably just forgot to clean that up, ¯_(ツ)_/¯. Nice catch.
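
A variant of the .bashrc snippet discussed above, as an added example that is not part of the thread: it drops the redundant eval and checks the env file's owner, permissions and contents before sourcing it, because a fixed path under /tmp can be created by any local account. `GPG_ENV_FILE`, `env_file_is_safe` and `load_gpg_agent_env` are hypothetical names, and the gpg-agent 2.0.x `--daemon` output format is an assumption.

```shell
# Added example, not code from the thread. Assumes gpg-agent 2.0.x --daemon
# output ("VAR=value; export VAR;") and values without spaces or quotes.
# Assumption: keep the file in a per-user directory instead of /tmp.
GPG_ENV_FILE="${XDG_RUNTIME_DIR:-$HOME/.gnupg}/gpg-agent.env"

# env_file_is_safe FILE: true only if FILE is a non-empty regular file (not a
# symlink), owned by us, not group/world-writable, and every line is an
# assignment (optionally followed by export) of a known agent variable.
env_file_is_safe() {
    f=$1
    names='GPG_AGENT_INFO|SSH_AUTH_SOCK|SSH_AGENT_PID'
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] && [ -O "$f" ] || return 1
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    ! grep -Evq "^($names)=[A-Za-z0-9_./:-]+(; export ($names);)?\$" "$f"
}

# Start the agent only when no trusted env file exists. The agent's output
# goes straight into the file, so there is nothing left to eval.
load_gpg_agent_env() {
    if ! env_file_is_safe "$GPG_ENV_FILE"; then
        rm -f "$GPG_ENV_FILE"
        killall gpg-agent 2>/dev/null
        ( umask 077
          gpg-agent --daemon --enable-ssh-support > "$GPG_ENV_FILE" ) || return 1
        env_file_is_safe "$GPG_ENV_FILE" || return 1
    fi
    . "$GPG_ENV_FILE"
}

# Run only in interactive shells, which is where ~/.bashrc applies.
case $- in *i*) load_gpg_agent_env ;; esac
```

If `XDG_RUNTIME_DIR` is unset, the fallback file under `~/.gnupg` survives reboots, so remove it at login to force a fresh agent start.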
