Yubikey Neo Pin entry not working properly on Ubuntu 15.04 #73

karlgrz opened this Issue Jul 31, 2015 · 8 comments


None yet

3 participants

karlgrz commented Jul 31, 2015


I just went through setting up a Yubikey NEO with pass.

I got all the keys exported properly, and went and re-encrypted all my entries with the new subkey. The Yubikey is successfully working on the CLI and also on android-password-store on my phone with Openkeychain.

When I try to open a password entry in qtpass now I see the following:


Let me know if there's anything else I can provide to help diagnose.

karlgrz commented Jul 31, 2015

Also should mention I just pulled from source about 15 minutes ago, version 0.9.2

karlgrz commented Jul 31, 2015

So, after disabling gnome-keyring-daemon at startup, restarting, and then starting up qtpass, it prompted me for my Yubikey NEO pin on the first password edit click. This was successful!

But when I tried again, I see this error:

gpg: can't connect to the agent - trying fall back
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
scdaemon[3331]: PC/SC OPEN failed: unknown PC/SC error code (0x8010002e)
gpg: selecting openpgp failed: Card error
gpg: decryption failed: No secret key
karlgrz commented Jul 31, 2015

I'll also note that I was prompted for the pin again when I tried from CLI. Not sure if that matters but maybe it's similar to that problem I had with gnome-keyring before?


@karlgrz karlgrz changed the title from Yubikey Neo not detected on Ubuntu 15.04 to Yubikey Neo Pin entry not working properly on Ubuntu 15.04 Jul 31, 2015
karlgrz commented Jul 31, 2015

Ok, resolved my problem myself. In case anyone else has this problem in the future, here is how I solved it.

I disable gnome-keyring on startup.

I did not have a ~/.gnupg/gpg-agent.conf set up. In it I added this:

default-cache-ttl 600
max-cache-ttl 7200

Restarted, and now it works nicely, and I only get prompted one time for the pin, not once for the CLI and once for qtpass.

@karlgrz karlgrz closed this Jul 31, 2015
annejan commented Aug 1, 2015

Thanks for reporting and fixing this.

This is an awesome find, I'll add this to the README or FAQ later today!

karlgrz commented Aug 1, 2015

No problem! I'll update myself, if you want, but won't be able to get to it this weekend.

I forgot I also had to update my .bashrc with this :

# OpenPGP applet support for YubiKey NEO
if [ ! -f /tmp/gpg-agent.env ]; then
    killall gpg-agent;
        eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);
. /tmp/gpg-agent.env
nh2 commented Mar 11, 2016

eval $(gpg-agent --daemon --enable-ssh-support > /tmp/gpg-agent.env);

@karlgrz This is confusing: You eval the output of gpg-agent, but you also redirect it? Then the output should be the empty string, so the eval seems unnecessary.

karlgrz commented Mar 11, 2016

@nh2 no arguments, you're right. Probably just forgot to clean that up, ¯_(ツ)_/¯. Nice catch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment