Yubikey 4 unrecognized after upgrade + restart

jcross

13 Oct, 2017 03:26 AM

Which of our tools is giving you problems?

Yubikey 4

Attach a screenshot of the version info for all installed components:

See below.

Describe your problem. Add as much detail as possible.

Yubikey 4 was working fine after the upgrade, but once the system was restarted, the device is no longer recognized.

gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device

I have tried the following:

  • inserting and removing Yubikey 4 hundreds of times
  • deleting ~/gnupg, reimporting pubkeys, etc
  • killing gpg-agent and related processes one by one
  • using pcsctest and pcsc_scan to find more info
  • Enabled / Disabled CCID support using Yubikey Manager (many times in combo with items above)
  • Restarted computer

What did you expect instead

Yubikey 4 should work with gpg --card-status for example.

Describe steps leading to the problem.

Upgraded to latest version after being prompted a dozen times.

Are you using any other Mail.app plugins?

No.

More debug info:

gpg --version
gpg (GnuPG/MacGPG2) 2.2.0
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/jc/.gnupg
...

pcsctest

MUSCLE PC/SC Lite Test Program

Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange 
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID
Enter the reader number          : 01
Waiting for card insertion         
                                 : Command successful.
Testing SCardConnect             : Command successful.
Testing SCardStatus              : Command successful.
Current Reader Name              : Yubico Yubikey 4 OTP+U2F+CCID
Current Reader State             : 0x54
Current Reader Protocol          : 0x1
Current Reader ATR Size          : 18 (0x12)
Current Reader ATR Value         : 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4 
Testing SCardDisconnect          : Command successful.
Testing SCardReleaseContext      : Command successful.
Testing SCardEstablishContext    : Command successful.
Testing SCardGetStatusChange 
Please insert a working reader   : Command successful.
Testing SCardListReaders         : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID

pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <[email blocked]>
Plug'n play reader name not supported. Using polling every 1000 ms.
Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID
 
Fri Oct 13 05:15:42 2017
 Reader 0: Yubico Yubikey 4 OTP+U2F+CCID
  Card state: Card inserted, Shared Mode, 
  ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4

ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
+ TS = 3B --> Direct Convention
+ T0 = F8, Y(1): 1111, K: 8 (historical bytes)
  TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
    43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1 
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 59 75 62 69 6B 65 79 34
  Category indicator byte: 59 (proprietary format)
+ TCK = D4 (correct checksum)

Possibly identified card (using /usr/local/share/pcsc/smartcard_list.txt):
3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
    Yubico Yubikey 4 OTP+CCID

OLD info from device (from before the upgrade):

gpg --card-status

Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006********0000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: ********
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 9
Signature key ....: 32C9 37EB 53DA F522 261B  7E5C D857 8DF8 EA7C CF1B
      created ....: 2016-02-01 19:01:40
Encryption key....: A8B2 C7AF A3F1 E359 3F40  E756 8E17 19FE 1E8D A9B9
      created ....: 2016-02-01 19:05:27
Authentication key: E8CC 29F2 EA68 BA07 4066  C45A 3974 28FC 5BA6 0C24
      created ....: 2016-02-01 19:06:23
General key info..: sub  rsa2048/D8578DF8EA7CCF1B 2016-02-01 Jonathan Cross <***************@gmail.com>
sec#  rsa4096/C0C076132FFA7695  created: 2016-02-01  expires: 2020-01-31
ssb>  rsa2048/D8578DF8EA7CCF1B  created: 2016-02-01  expires: 2019-02-07
                                card-no: 0006 ********
ssb>  rsa2048/8E1719FE1E8DA9B9  created: 2016-02-01  expires: 2019-02-07
                                card-no: 0006 ********
ssb>  rsa2048/397428FC5BA60C24  created: 2016-02-01  expires: 2019-02-07
                                card-no: 0006 ********
  1. Support Staff 1 Posted by Steve on 13 Oct, 2017 11:13 AM

    Should you be available, could you hop on our live chat here:
    https://www.hipchat.com/gyyOrLdWt

    We can't promise a solution, but we'd like to inspect this problem in more detail.

    All the best
    steve

  2. 2 Posted by jcross on 13 Oct, 2017 12:16 PM

    Solution:

    Add shared-access line to ~/.gnupg/scdaemon.conf

    May need to then kill all processes (not necessary in my case):

    killall gpg-agent; killall scdaemon; killall gpg; killall dirmngr; gpgconf --kill all
    

    And / or insert / remove the Yubikey.

    Thanks to "Luke Le" in the chat system!

  3. jcross closed this discussion on 13 Oct, 2017 12:17 PM.
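
The fix from comment 2, written as a repeatable script. This is an added example, not part of the original thread or of GPGTools; the function names `ensure_scdaemon_option` and `restart_scdaemon` are hypothetical helpers, and the only option used is the `shared-access` line named in the thread.

```shell
#!/bin/sh
# Added example: enable an scdaemon option idempotently, then restart the daemons.
# ensure_scdaemon_option / restart_scdaemon are hypothetical helper names.

ensure_scdaemon_option() {
    conf=$1      # path to scdaemon.conf
    option=$2    # option keyword, e.g. shared-access

    dir=$(dirname "$conf")
    # Create the GnuPG home private if it is missing; gpg warns on loose permissions.
    [ -d "$dir" ] || { mkdir -p "$dir" && chmod 700 "$dir"; } || return 2

    # An active line is the bare keyword, optionally padded with whitespace.
    # A commented-out "#shared-access" does not count as enabled.
    if [ -f "$conf" ] && grep -Eq "^[[:space:]]*${option}[[:space:]]*\$" "$conf"; then
        echo present    # already enabled, file left untouched
        return 0
    fi

    # If the file does not end in a newline, add one so the option
    # is not glued onto the previous line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf" || return 2
    fi
    printf '%s\n' "$option" >> "$conf" || return 2
    chmod 600 "$conf"
    echo added          # file changed; scdaemon must be restarted to read it
}

restart_scdaemon() {
    # Same effect as the killall sequence in the thread, using gpgconf only.
    gpgconf --kill all
}

# Usage (uncomment to apply to the default GnuPG home):
# if [ "$(ensure_scdaemon_option "$HOME/.gnupg/scdaemon.conf" shared-access)" = added ]; then
#     restart_scdaemon
# fi
# gpg --card-status
```

Run `gpg --card-status` afterwards to confirm that scdaemon accepted the option and can select the OpenPGP application again.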
