tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/60032-yubikey-4-unrecognized-after-upgrade-restartGPGTools: Discussion 2018-10-18T19:58:33Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/437507992017-10-13T03:26:03Z2017-10-13T03:36:51ZYubikey 4 unrecognized after upgrade + restart<div><p><strong>Which of our tools is giving you problems?</strong></p>
<p>Yubikey 4</p>
<p><strong>Attach a screenshot of the version info for all installed components:</strong></p>
<p>See below.</p>
<p><strong>Describe your problem. Add as much detail as possible.</strong></p>
<p>Yubikey 4 was working fine after upgrade, but once system was restarted, device is no longer recognized.</p>
<pre>
<code>gpg --card-status
gpg: selecting openpgp failed: Operation not supported by device
gpg: OpenPGP card not available: Operation not supported by device</code>
</pre>
<p>I have tried the following:</p>
<ul>
<li>inserting and removing Yubikey 4 hundreds of times</li>
<li>deleting <code>~/gnupg</code>, reimporting pubkeys, etc</li>
<li>killing <code>gpg-agent</code> and related processes one by one</li>
<li>using <code>pcsctest</code> and <code>pcsc_scan</code> to find more info</li>
<li><a href="https://gpgtools.tenderapp.com/kb/faq/gpg-suite-20171-gnupg-20-gnupg-22-migration-help#my-yubikey-does-no-longer-work-">Enabled / Disabled CCID support using Yubikey Manager</a> (many times in combo with items above)</li>
<li>Restarted computer</li>
</ul>
<p><strong>What did you expect instead</strong></p>
<p>Yubikey 4 should work with <code>gpg --card-status</code> for example.</p>
<p><strong>Describe steps leading to the problem.</strong></p>
<p>Upgraded to latest version after being prompted a dozen times.</p>
<p><strong>Are you using any other Mail.app plugins?</strong></p>
<p>No.</p>
<p><strong>More debug info:</strong></p>
<pre>
<code>gpg --version
gpg (GnuPG/MacGPG2) 2.2.0
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /Users/jc/.gnupg
...</code>
</pre>
<pre>
<code>pcsctest
MUSCLE PC/SC Lite Test Program
Testing SCardEstablishContext : Command successful.
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaders : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID
Enter the reader number : 01
Waiting for card insertion
: Command successful.
Testing SCardConnect : Command successful.
Testing SCardStatus : Command successful.
Current Reader Name : Yubico Yubikey 4 OTP+U2F+CCID
Current Reader State : 0x54
Current Reader Protocol : 0x1
Current Reader ATR Size : 18 (0x12)
Current Reader ATR Value : 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
Testing SCardDisconnect : Command successful.
Testing SCardReleaseContext : Command successful.
Testing SCardEstablishContext : Command successful.
Testing SCardGetStatusChange
Please insert a working reader : Command successful.
Testing SCardListReaders : Command successful.
Reader 01: Yubico Yubikey 4 OTP+U2F+CCID</code>
</pre>
<pre>
<code>pcsc_scan
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <ludovic.rousseau@free.fr>
Plug'n play reader name not supported. Using polling every 1000 ms.
Scanning present readers...
0: Yubico Yubikey 4 OTP+U2F+CCID
Fri Oct 13 05:15:42 2017
Reader 0: Yubico Yubikey 4 OTP+U2F+CCID
Card state: Card inserted, Shared Mode,
ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
ATR: 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
+ TS = 3B --> Direct Convention
+ T0 = F8, Y(1): 1111, K: 8 (historical bytes)
TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 59 75 62 69 6B 65 79 34
Category indicator byte: 59 (proprietary format)
+ TCK = D4 (correct checksum)
Possibly identified card (using /usr/local/share/pcsc/smartcard_list.txt):
3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
Yubico Yubikey 4 OTP+CCID</code>
</pre>
<p>OLD info from device (from before the upgrade):</p>
<pre>
<code>gpg --card-status
Reader ...........: Yubico Yubikey 4 OTP U2F CCID
Application ID ...: D2760001240102010006********0000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: ********
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 9
Signature key ....: 32C9 37EB 53DA F522 261B 7E5C D857 8DF8 EA7C CF1B
created ....: 2016-02-01 19:01:40
Encryption key....: A8B2 C7AF A3F1 E359 3F40 E756 8E17 19FE 1E8D A9B9
created ....: 2016-02-01 19:05:27
Authentication key: E8CC 29F2 EA68 BA07 4066 C45A 3974 28FC 5BA6 0C24
created ....: 2016-02-01 19:06:23
General key info..: sub rsa2048/D8578DF8EA7CCF1B 2016-02-01 Jonathan Cross <***************@gmail.com>
sec# rsa4096/C0C076132FFA7695 created: 2016-02-01 expires: 2020-01-31
ssb> rsa2048/D8578DF8EA7CCF1B created: 2016-02-01 expires: 2019-02-07
card-no: 0006 ********
ssb> rsa2048/8E1719FE1E8DA9B9 created: 2016-02-01 expires: 2019-02-07
card-no: 0006 ********
ssb> rsa2048/397428FC5BA60C24 created: 2016-02-01 expires: 2019-02-07
card-no: 0006 ********</code>
</pre></div>jcrosstag:gpgtools.tenderapp.com,2011-11-04:Comment/437507992017-10-13T11:13:31Z2017-10-13T11:13:31ZYubikey 4 unrecognized after upgrade + restart<div><p>Should you be available, could you hop on our live chat here:<br>
<a href="https://www.hipchat.com/gyyOrLdWt">https://www.hipchat.com/gyyOrLdWt</a></p>
<p>We can't promise a solution, but we'd like to inspect this problem in more detail.</p>
<p>All the best<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/437507992017-10-13T12:16:36Z2017-10-13T12:16:36ZYubikey 4 unrecognized after upgrade + restart<div><p><strong>Solution:</strong></p>
<p>Add <code>shared-access</code> line to ~/.gnupg/scdaemon.conf</p>
<p>May need to then kill all processes (not necessary in my case):</p>
<pre>
<code>killall gpg-agent; killall scdaemon; killall gpg; killall dirmngr; gpgconf --kill all</code>
</pre>
<p>And / or insert / remove the Yubikey.</p>
<p>Thanks to "Luke Le" in the chat system!</p></div>jcross