GPGTools fails to find yubikey

paddogg

05 Oct, 2021 08:07 PM

I try to set up a YubiKey 5C NFC together with GPGTools so that the private keys are stored on the YubiKey and the public key is available via HTTP.

I follow the steps as described by Using Your YubiKey with OpenPGP. But when I try to sign and encrypt a file I get the GPGTools dialog with the text: Please insert the card with serial number: 0006 17****** (Redacted last 6 digits).

When I run gpg2 --card-status I see the following:

Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: D******** REDACTED *************
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 17******
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : http://localhost:9090/0087D47A.asc
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: B588 E314 EF64 BE34 6136  000B DCD2 E6A7 0087 D47A
      created ....: 2021-10-05 17:55:18
Encryption key....: 6FEC 210C 85E4 9092 11DC  EC61 7DE7 2626 D621 596A
      created ....: 2021-10-05 17:55:18
Authentication key: 7AB0 39D2 E7A3 5712 5ABA  B1DE C209 4CF5 EAE0 A60D
      created ....: 2021-10-05 19:33:33
General key info..: pub  rsa4096/DCD2E6A70087D47A 2021-10-05 test (test) <[email blocked]>
sec>  rsa4096/DCD2E6A70087D47A  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb>  rsa4096/7DE72626D621596A  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb>  rsa4096/C2094CF5EAE0A60D  created: 2021-10-05  expires: never
                                card-no: 0006 17******
ssb   rsa4096/6876C0B303D80E89  created: 2021-10-05  expires: never

For some reason the keys are referenced by card-no: 0006 17****** which has the additional prefix 0006.

Could you please help me understand why GPGTools cannot find the YubiKey although it is connected?

gpg2 --version
gpg (GnuPG/MacGPG2) 2.2.27
libgcrypt 1.8.7

  1. Support Staff 1 Posted by Luke Le on 13 Oct, 2021 09:42 PM

    Hi,

    this is quite curious indeed.
    Could you try to sign a message using the following command and post its output?

    echo "Test" | gpg -sau DCD2E6A70087D47A --status-fd 1
    

    Thanks!

  2. 2 Posted by paddogg on 16 Oct, 2021 10:17 AM

    Hi Luke,
    When I dug a little deeper, I saw a mixed keyring setup of GnuPG < 2.1 and newer versions. I have now fully migrated to *.kbx and deleted the legacy files.

    And as of now, I got it working. I am not sure what the issue was, but exporting all keys and importing them into a clean environment fixed it.

    Cheers
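
A quick way to check a GnuPG home directory for the mixed pre-2.1 / keybox state described in the reply above. This is an added example, not part of the original posts and not GPGTools code; the function names are hypothetical and the file names are GnuPG's defaults.

```shell
#!/bin/sh
# Added example, not GPGTools code. Function names are hypothetical;
# the file names are GnuPG's defaults.

# Print the pre-2.1 keyring files that still exist in a GnuPG home.
legacy_files() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    for f in pubring.gpg secring.gpg; do
        if [ -e "$dir/$f" ]; then echo "$f"; fi
    done
}

# Classify the home directory: legacy | keybox | mixed | empty
keyring_layout() {
    dir=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    legacy=0
    modern=0
    if [ -n "$(legacy_files "$dir")" ]; then legacy=1; fi
    # GnuPG >= 2.1: keybox for public keys, one file per secret key
    # (smartcard stubs included) under private-keys-v1.d/.
    if [ -e "$dir/pubring.kbx" ]; then modern=1; fi
    if [ -n "$(ls -A "$dir/private-keys-v1.d" 2>/dev/null)" ]; then
        modern=1
    fi
    case "$legacy$modern" in
        11) echo mixed ;;
        10) echo legacy ;;
        01) echo keybox ;;
        *)  echo empty ;;
    esac
}

# Report on the default (or given) home directory when run as a script.
echo "layout: $(keyring_layout "$@")"
legacy_files "$@"
```

A result of `mixed` means files from both generations are present; back up the directory before moving or deleting anything.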

  3. Support Staff 3 Posted by Steve on 19 Oct, 2021 07:07 PM

    Hi,

    thanks for the update. This is great news!

    Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.

    Best,
    Steve

  4. Steve closed this discussion on 19 Oct, 2021 07:07 PM.
