Yubikey not working for dates or revocation certs

Brad King

04 Aug, 2018 09:14 PM

Which of our tools is giving you problems? gpg CLI and GPG Keychain GUI

Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):

Attached

Describe your problem. Add as much detail as possible. I have 2 Yubikeys which have been configured and can successfully do ssh auth and encrypt/decrypt of files. I cannot do any certificate based operations (like generate a revocation certificate or change validity dates).

What did you expect instead

Describe steps leading to the problem.

Either on cli or gui I attempt to change validity and it is always refused. "no secret key"

As an example here is text from CLI:
gpg --card-status

Reader ...........: Yubico Yubikey NEO OTP U2F CCID
Application ID ...: D2760001240102000006065155810000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 065xxxxx1
Name of cardholder: King Bradley
Language prefs ...: en
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [email blocked]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: B509 014F 8477 86B5 6A3B E0A6 F53C CB29 D6BE 0D00
created ....: 2018-02-16 23:33:20
Encryption key....: 9ED9 80DC 710D 563F 10C3 DBAA 679D 1192 0B58 833F
created ....: 2018-02-16 23:34:01
Authentication key: 36D5 A4BA DA70 36D3 F1FA 7577 A9E8 EFC7 CABD A4CE
created ....: 2018-02-16 23:34:48
General key info..: sub rsa2048/0xF53CCB29D6BE0D00 2018-02-16 Bradley King [email blocked]
sec# rsa2048/0xBBC6D0C20DD48288 created: 2018-02-16 expires: never
ssb> rsa2048/0xF53CCB29D6BE0D00 created: 2018-02-16 expires: never
card-no: 0006 065xxxx81
ssb> rsa2048/0x679D11920B58833F created: 2018-02-16 expires: never
card-no: 0006 0651xxxx81
ssb> rsa2048/0xA9E8EFC7CABDA4CE created: 2018-02-16 expires: never
card-no: 0006 06xxxxx81

~/.gnupg=>
~/.gnupg=>gpg --edit-key 0xF53CCB29D6BE0D00
gpg (GnuPG/MacGPG2) 2.2.8; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret subkeys are available.

pub rsa2048/0xBBC6D0C20DD48288
created: 2018-02-16 expires: never usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/0xF53CCB29D6BE0D00
created: 2018-02-16 expires: never usage: S
card-no: 0006 0651xxx81
ssb rsa2048/0x679D11920B58833F
created: 2018-02-16 expires: never usage: E
card-no: 0006 06xxx81
ssb rsa2048/0xA9E8EFC7CABDA4CE
created: 2018-02-16 expires: never usage: A
card-no: 0006 0xxx81
ultimate. Bradley King [email blocked]

gpg> toggle
Need the secret key to do this.

gpg> key 1

pub rsa2048/0xBBC6D0C20DD48288
created: 2018-02-16 expires: never usage: SC
trust: ultimate validity: ultimate
ssb* rsa2048/0xF53CCB29D6BE0D00
created: 2018-02-16 expires: never usage: S
card-no: 0006 06515581
ssb rsa2048/0x679D11920B58833F
created: 2018-02-16 expires: never usage: E
card-no: 0006 06515581
ssb rsa2048/0xA9E8EFC7CABDA4CE
created: 2018-02-16 expires: never usage: A
card-no: 0006 06515581
ultimate. Bradley King [email blocked]

gpg> expire
Changing expiration time for a subkey.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 6m
Key expires at Thu Jan 31 15:00:37 2019 CST
Is this correct? (y/N) y
gpg: signing failed: No secret key
gpg: make_keysig_packet failed: No secret key

Same results with GUI see enclosed jpeg

Are you using any other Mail.app plugins? No, but the problem seems not to be related to mail.
I have a different problem with mail.app in that it only encrypts with one of my 2 keys no matter which one I chose. It signs with the one I chose, but only encrypts with one of the 2. That's less serious I don't encrypt mails much.
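
Added example (not part of the original post and not GPGTools code): in the listing above gpg prints `sec#` for the primary key and `ssb>` for the subkeys; `#` marks a secret key that is only a stub in the keyring, `>` one held on a smartcard. This Python sketch parses such lines and flags the case where the primary secret key is unreachable, which is when expiry changes and revocation certificates fail with "No secret key". It assumes the `0x` long key ID format shown in the post; the function names are hypothetical.

```python
import re

# Key listing lines as they appear in the post's `gpg --card-status` output.
LISTING = """\
sec# rsa2048/0xBBC6D0C20DD48288 created: 2018-02-16 expires: never
ssb> rsa2048/0xF53CCB29D6BE0D00 created: 2018-02-16 expires: never
ssb> rsa2048/0x679D11920B58833F created: 2018-02-16 expires: never
ssb> rsa2048/0xA9E8EFC7CABDA4CE created: 2018-02-16 expires: never
"""

# gpg marks where the secret part lives right after the record type:
#   "#" = only a stub, secret key not in this keyring
#   ">" = secret key is on a smartcard
#   ""  = secret key is available locally on disk
MARKERS = {"#": "missing", ">": "card", "": "disk"}
RECORD = re.compile(r"^(sec|ssb)([#>]?)\s+\S+?/(0x[0-9A-Fa-f]+)")


def parse_listing(text):
    """Return (record_type, key_id, location) for each sec/ssb line."""
    keys = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            keys.append((m.group(1), m.group(3), MARKERS[m.group(2)]))
    return keys


def primary_can_sign(keys):
    """True if the primary (sec) secret key is reachable on disk or card.

    Changing an expiry date or generating a revocation certificate needs a
    signature from the primary key, so both fail when this is False.
    """
    return any(kind == "sec" and where != "missing" for kind, _, where in keys)


def report(text):
    """Summarise each key's location and warn if the primary is missing."""
    keys = parse_listing(text)
    lines = [f"{kind} {key_id}: {where}" for kind, key_id, where in keys]
    if not primary_can_sign(keys):
        lines.append("primary secret key missing: expire/revoke will fail "
                     "with 'No secret key'")
    return lines


if __name__ == "__main__":
    print("\n".join(report(LISTING)))
```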
