PIN auth issue. #11

Closed
westonmyers opened this issue Aug 24, 2013 · 8 comments

@westonmyers

Copy from http://forum.yubico.com/viewtopic.php?f=26&t=1145

Hello,

I created a pgp keypair with my Yubikey as outlined. It seemed to work as far as I knew. Today came the time to actually test it. That said, it's not behaving at all. It seems that the PIN is not being accepted properly. Below is the excerpt of my terminal while working on this. (Encryption and Auth keys edited out as I felt this was unnecessary.)

Notable things:
PIN retry counter at 0.
I unblock it successfully and use a simple password (123456) for this example.
(While not shown here, I can do a "verify" command here and the PIN retry counter will tick down to 2.)
I exit out though to do what I was hoping.
I have a file that a friend encrypted.
It's not taking the password.
Fun times.

Thanks for your time,
Weston

Arch Linux (Fully updated.)
gpg (GnuPG) 2.0.21
libgcrypt 1.5.3

➜ Downloads gpg --card-edit
gpg: enabled debug flags: memstat

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: Weston Myers
Language prefs ...: en
Sex ..............: male
URL of public key : http://sec.westonmyers.com/pgppubstore/weston+pgp@ieee.org
Login data .......: westonmyers
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 14
Signature key ....: A679 6687 3661 82F4 2A9B BE0E FAA5 D450 6A4B B09A
created ....: 2013-08-16 08:01:24
Encryption key....: [REDACTED]
created ....: 2013-08-16 08:01:24
Authentication key: [REDACTED]
created ....: 2013-08-16 08:01:24
General key info..:
pub 2048R/6A4BB09A 2013-08-16 Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) <weston+p
gp@ieee.org>
sec> 2048R/6A4BB09A created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001
ssb> 2048R/493D77FB created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001
ssb> 2048R/A42FF1AE created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001

gpg/card> unblock
gpg: OpenPGP card no. D2760001240102000000000000010000 detected
PIN changed.

gpg/card> list

Application ID ...: D2760001240102000000000000010000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000001
Name of cardholder: Weston Myers
Language prefs ...: en
Sex ..............: male
URL of public key : http://sec.westonmyers.com/pgppubstore/weston+pgp@ieee.org
Login data .......: westonmyers
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 14
Signature key ....: A679 6687 3661 82F4 2A9B BE0E FAA5 D450 6A4B B09A
created ....: 2013-08-16 08:01:24
Encryption key....: [REDACTED]
created ....: 2013-08-16 08:01:24
Authentication key: [REDACTED]
created ....: 2013-08-16 08:01:24
General key info..:
pub 2048R/6A4BB09A 2013-08-16 Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) <weston+p
gp@ieee.org>
sec> 2048R/6A4BB09A created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001
ssb> 2048R/493D77FB created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001
ssb> 2048R/A42FF1AE created: 2013-08-16 expires: 2014-08-16
card-no: 0000 00000001

gpg/card> quit
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks
➜ Downloads gpg -v -o doc.txt --decrypt signed_6A4BB09A_encrypted.acs
gpg: enabled debug flags: memstat
Version: GnuPG v1.4.12 (Darwin)
gpg: armor header:
gpg: public key is A42FF1AE
gpg: using subkey A42FF1AE instead of primary key 6A4BB09A
gpg: using subkey A42FF1AE instead of primary key 6A4BB09A
gpg: encrypted with 2048-bit RSA key, ID A42FF1AE, created 2013-08-16
"Weston L Myers (No trees were killed to send this message; however, a large number of electrons were terribly inconvenienced...) weston+pgp@ieee.org"
gpg: public key decryption failed: Card error
gpg: decryption failed: No secret key
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks
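
The two listings in the post above differ only in the "PIN retry counter" line (0 3 3 before the unblock, 3 3 3 after). The following is an added example, not part of the original post or of the ykneo-openpgp project, that reads that line and reports which counter is exhausted; the function name `pin_retry_report` and its exit codes are hypothetical, and the sample listings are constructed from the post's output.

```shell
#!/bin/sh
# Added example: read the "PIN retry counter" line of an OpenPGP card listing.
# Field order: user PIN (PW1), Reset Code, Admin PIN (PW3).

# Constructed samples, trimmed from the two listings in the post above.
BEFORE='Signature PIN ....: not forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 3
Signature counter : 14'
AFTER='Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 14'

# Reads a listing on stdin and prints one line per counter.
# Exit status: 0 = both PINs usable, 1 = user or admin PIN blocked,
# 2 = counter line missing or malformed.
pin_retry_report() {
    awk -F: '
        BEGIN { split("user_pin reset_code admin_pin", name, " ") }
        /^[ \t]*PIN retry counter/ {
            if (split($2, c, " ") != 3) exit
            for (i = 1; i <= 3; i++) if (c[i] !~ /^[0-9]+$/) exit
            valid = 1
            for (i = 1; i <= 3; i++) {
                note = ""
                if (c[i] == 0) {
                    # A zero Reset Code counter is also what a card shows
                    # when no Reset Code was ever set, so it is not an alarm.
                    if (i == 2) note = " unusable"
                    else { note = " BLOCKED"; blocked = 1 }
                }
                printf "%s=%d%s\n", name[i], c[i], note
            }
            exit
        }
        END { exit (!valid ? 2 : (blocked ? 1 : 0)) }
    '
}

echo "before unblock:"; printf '%s\n' "$BEFORE" | pin_retry_report || true
echo "after unblock:";  printf '%s\n' "$AFTER"  | pin_retry_report || true
```

On a live system the same function can be fed from `gpg --card-status`, which prints the same listing.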

@klali
Member

klali commented Aug 26, 2013

Hello,

This looks very much like an old bug we had (fixed in ae946ad). Do you think you could try to reload the applet and report back?

A pre-built cap file can be found at http://opensource.yubico.com/ykneo-openpgp/releases.html, and Arch Linux seems to package gpshell, which is needed to load it.

/klas

@westonmyers
Author

Klas,

Thanks for getting back to me so quickly. I was mostly contacting you guys in case this was not a known issue. I'll go ahead and load a new applet onto the NEO from source. Doesn't take long. Having an issue with gpshell at the moment though. Still playing with it.

mode_211
enable_trace
establish_context
card_connect
list_readers failed with error 0x8010002E (Cannot find a smart card reader.)

Edit:
Figured it out and updated my Yubikey. Counter is holding correctly on a "verify" command within "gpg --card-edit". I'll create a new pgp key and test how things go.

Edit 2:
All looks good. Thanks for your time again Klas!

Take care,
Weston

@klali
Member

klali commented Aug 27, 2013

Very good!
(and great that you reported back)

/klas

@klali klali closed this as completed Aug 27, 2013
@cpu

cpu commented Mar 13, 2014

@westonmyers: I'm having the same issue with gpshell (list_readers failed with error 0x8010002E (Cannot find a smart card reader.)) on ArchLinux. Could you mention what you did to resolve this error? I've not had any luck so far :-/

@westonmyers
Author

I am currently trying to retrace what I did so that I can remember. I didn't post my steps here at the time as it was environmental. May have been that the pcscd.service wasn't active at the time of trying to use opensc (via the gpshell script).
Run:

systemctl enable pcscd.socket

systemctl start pcscd.socket

systemctl enable pcscd.service

systemctl start pcscd.service

(Maybe only enable socket since it should spin up service?)

Then see how it goes.

Cheers,
Weston

@Flink

Flink commented Mar 31, 2014

@BinaryParadox @westonmyers I just received my yubikey today and I’m having the exact same problem :( Did you resolve this? And how please?

@Flink

Flink commented Mar 31, 2014

It seems after installing the ccid package (I’m on Arch too), gpshell works and the cap file is transferred to the yubikey. Still no luck with gpg --card-status though… :(

@Flink

Flink commented Mar 31, 2014

Ok sorry for my previous comment, since my yubikey is brand new, I had to use gpg --card-edit and it seems to work :)
