tag:gpgtools.tenderapp.com,2011-11-04:/discussions/nightly/108-os-x-10125-yubikey-problems
GPGTools: Discussion
2017-10-22T16:30:03Z
tag:gpgtools.tenderapp.com,2011-11-04:Comment/43055900
2017-07-23T01:23:21Z
2017-07-23T01:23:23Z
OS X 10.12.5 + yubikey problems
<div><p>Recently picked up a Yubikey 4c and have been having a hell of a time debugging why gpgsuite can't use my yubikey.<br>
I've gone through several debugging steps and have listed them below.</p>
<p>When you run gpg --card-edit<br></p>
<pre>
<code>gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device</code>
</pre>
<p>So, I tried all the usual tricks of killing the scdaemon, restarting all the gpg components, with no success. What is really annoying is the same version of gpg works in archlinux.</p>
<p>Here is some debugging information provided by scdaemon<br></p>
<pre>
<code>2017-07-07 16:56:57 scdaemon[7083] DBG: chan_5 <- RESTART
2017-07-07 16:56:57 scdaemon[7083] DBG: chan_5 -> OK
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 <- GETINFO version
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 -> D 2.1.21
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 -> OK
2017-07-07 17:05:30 scdaemon[7083] DBG: chan_5 <- SERIALNO openpgp
2017-07-07 17:05:30 scdaemon[7083] DBG: enter: apdu_open_reader: portstr=(null)
2017-07-07 17:05:30 scdaemon[7083] detected reader 'Yubico Yubikey 4 OTP+U2F+CCID'
2017-07-07 17:05:30 scdaemon[7083] reader slot 0: not connected
2017-07-07 17:05:30 scdaemon[7083] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2017-07-07 17:05:30 scdaemon[7083] DBG: enter: apdu_connect: slot=0
2017-07-07 17:05:30 scdaemon[7083] pcsc_control failed: not transacted (0x80100016)
2017-07-07 17:05:30 scdaemon[7083] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2017-07-07 17:05:30 scdaemon[7083] reader slot 0: active protocol: T1
2017-07-07 17:05:30 scdaemon[7083] slot 0: ATR=3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
2017-07-07 17:05:30 scdaemon[7083] DBG: leave: apdu_connect => sw=0x0
2017-07-07 17:05:30 scdaemon[7083] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2017-07-07 17:05:30 scdaemon[7083] DBG: PCSC_data: 00 A4 00 0C 02 3F 00
2017-07-07 17:05:33 scdaemon[7083] pcsc_transmit failed: not transacted (0x80100016)
2017-07-07 17:05:33 scdaemon[7083] apdu_send_simple(0) failed: general error
2017-07-07 17:05:33 scdaemon[7083] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2017-07-07 17:05:33 scdaemon[7083] DBG: PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
2017-07-07 17:05:36 scdaemon[7083] pcsc_transmit failed: not transacted (0x80100016)
2017-07-07 17:05:36 scdaemon[7083] apdu_send_simple(0) failed: general error
2017-07-07 17:05:36 scdaemon[7083] can't select application 'openpgp': Not supported
2017-07-07 17:05:36 scdaemon[7083] DBG: enter: apdu_close_reader: slot=0
2017-07-07 17:05:36 scdaemon[7083] DBG: enter: apdu_disconnect: slot=0
2017-07-07 17:05:36 scdaemon[7083] DBG: leave: apdu_disconnect => sw=0x0
2017-07-07 17:05:36 scdaemon[7083] DBG: leave: apdu_close_reader => 0x0 (close_reader)
2017-07-07 17:05:36 scdaemon[7083] DBG: chan_5 -> ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 scdaemon[7083] DBG: chan_5 <- RESTART</code>
</pre>
and more information from gpg-agent.log<br>
<pre>
<code>2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK Pleased to meet you
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- RESET
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION ttyname=/dev/ttys000
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION ttytype=xterm-256color
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION lc-ctype=en_US.UTF-8
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION lc-messages=en_US.UTF-8
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION allow-pinentry-notify
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- OPTION agent-awareness=2.1.0
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- SCD GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] new connection to SCdaemon established (reusing)
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 -> GETINFO version
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 <- D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 <- OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> D 2.1.21
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 -> OK
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_8 <- SCD SERIALNO openpgp
2017-07-07 17:05:30 gpg-agent[7082] DBG: chan_9 -> SERIALNO openpgp
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_9 <- ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_8 -> ERR 100696144 Operation not supported by device <SCD>
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_8 <- [eof]
2017-07-07 17:05:36 gpg-agent[7082] DBG: chan_9 -> RESTART</code>
</pre>
Here is my scdaemon.conf that I've already tried some troubleshooting settings<br>
<pre>
<code>pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC
card-timeout 1
disable-ccid
log-file /Users/admin/.gnupg/scdaemon.log.txt
verbose
debug-level guru</code>
</pre>
<p>gpg version<br></p>
<pre>
<code>gpg --version
gpg (GnuPG) 2.1.21
libgcrypt 1.7.8</code>
</pre>
os version<br>
<pre>
<code>uname -a
Darwin admins-Mac.local 16.6.0 Darwin Kernel Version 16.6.0: Fri Apr 14 16:21:16 PDT 2017; root:xnu-3789.60.24~6/RELEASE_X86_64 x86_64</code>
</pre>
<p>pcsctest seems to be able to communicate<br></p>
<pre>
<code>pcsctest<br><br>
<br>MUSCLE PC/SC Lite Test Program<br><br>
<br>Testing SCardEstablishContext : Command successful.
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaders : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID
Enter the reader number : 1
Waiting for card insertion<br> : Command successful.
Testing SCardConnect : Command successful.
Testing SCardStatus : Command successful.
Current Reader Name : Yubico Yubikey 4 OTP+U2F+CCID
Current Reader State : 0x54
Current Reader Protocol : 0x1
Current Reader ATR Size : 18 (0x12)
Current Reader ATR Value : 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
Testing SCardDisconnect : Command successful.
Testing SCardReleaseContext : Command successful.
Testing SCardEstablishContext : Command successful.
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaders : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID</code>
</pre>
<p>Using the latest nightly build GPG Suite 2017.1 (1935n)</p>
<p>Anyone got any ideas or have yubikey 4 + gpgsuite working on os x 10.12.5?</p></div>
macosx2017
tag:gpgtools.tenderapp.com,2011-11-04:Comment/43055900
2017-08-01T14:57:19Z
2017-08-01T14:57:19Z
OS X 10.12.5 + yubikey problems
<div><p>Hi,</p>
<p>it's quite strange that scdaemon is saying:<br>
2017-07-07 17:05:36 scdaemon[7083] can't select application 'openpgp': Not supported<br>
which to me would say, that the Yubikey doesn't support OpenPGP, which it does.</p>
<p>We've added a very experimental option to scdaemon which allows it to establish a shared connection to the token. That could help you.</p>
<p>In order to try that add the following line to ~/.gnupg/scdaemon.conf:</p>
<pre>
<code>shared-access</code>
</pre>
<p>Please let us know if that helps.</p></div>
Luke Le
tag:gpgtools.tenderapp.com,2011-11-04:Comment/43055900
2017-10-22T16:30:02Z
2017-10-22T16:30:02Z
OS X 10.12.5 + yubikey problems
<div><p>Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.</p>
<p>All the best, steve</p></div>
Steve