[BUG] False error message when using a Yubikey to store encrypt key

rbondi

17 Apr, 2015 01:30 AM

GPGMail 1.2b6 (1057b)

Summary: GPGMail correctly reports an error if you try to read an encrypted email with the Yubikey removed; but if you re-insert the Yubikey and try to read the encrypted email, GPGMail does decrypt the email, but also displays an error saying it could not. (See screenshot.) This is probably true with any smartcard, not just a Yubikey.

What did you expect instead

Mail should have displayed the decrypted email content without an error message. (Also, it would be nice if instead of "unknown error," GPGMail would say what the error is, e.g. something like: "Decryption key not found: maybe your smartcard is not inserted?")

Currently

  1. Set things up so that your GPGKeychain has a private encryption key stub pointing to an actual private encryption key on your inserted Yubikey. (For this test, make the key have your own email address, so you can send and receive encrypted mail to yourself.)

    • Follow the instructions here (note the errata in the comments) to do this. (You can skip resetting the PINs if you want.)
  2. Make sure your Yubikey is inserted.

  3. Launch Mail.

  4. Send an encrypted, unsigned email to yourself. (You'll be prompted for your Yubikey PIN to encrypt.)

  5. When it comes back, click it.

    GPGMail will correctly display the decrypted contents.

  6. Click on a different, unencrypted email.

  7. Eject the Yubikey.

  8. Click on the encrypted email again.

    GPGMail will fail to decrypt it, and display a "Decryption failed with unknown error" message.

    • This is good! GPGMail should not be able to decrypt if the Yubikey is not inserted! :-)
  9. Click on some unencrypted email.

  10. Re-insert your Yubikey.

  11. Click on the encrypted email again.

    Mail will display the decrypted contents, but with the same error message as above (see screenshot).

No other plugins are installed.

Other info:
MacGPG2 2.0.27
libgcrypt 1.6.3
OSX 10.10.3 (14D131)

ykpersonalize -V
Firmware version 3.4.0 Touch level 1797 Program sequence 2
Unsupported firmware revision - some features may not be available
Please see https://developers.yubico.com/... for more information.
1.16.0
Yubikey core error: unsupported firmware version

Yubikey Personalization Tool says it's firmware 3.4.0, Slot 1 configured, no errors.

  1. Support Staff 1 Posted by Steve on 17 Jul, 2015 10:20 AM

    Hi rbondi,

    We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll receive a notification. Feel free to open a new discussion should you run into further problems or need assistance.

    All the best,
    steve

  2. Steve closed this discussion on 26 Nov, 2015 09:51 PM.

  3. Support Staff 2 Posted by Steve on 31 Jul, 2017 04:03 PM

    Hi rbondi,

    this issue has been fixed. If you want to test the fix, please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download.

    Should the problem persist, please re-open this discussion and let us know. For more questions that are not related to this specific problem, you are welcome to create a new discussion any time.

    Best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.

  4. Steve closed this discussion on 31 Jul, 2017 04:03 PM.
