OATH read code APDUError

[SharpEdgeMarshall]

• YubiKey Manager (ykman) version: 3.1.1
• How was it installed?: brew
• Operating system and version: MacOS
• YubiKey model and version: 5 NFC
• Bug description summary: OATH read code APDUError

Steps to reproduce

The Yubikey worked well until now.
Today after doing a write OATH using Yubico Authenticator android app with NFC the Yubikey OATH feature stopped working.
The android app shows "error in Yubikey communication".
I attached the Yubikey to the mac and used ykman oath list it shows my OTP list but if I try to launch ykman oath code it throws an APDUError:

Traceback (most recent call last):
  File "/usr/local/bin/ykman", line 11, in <module>
    load_entry_point('yubikey-manager==3.1.1', 'console_scripts', 'ykman')()
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/ykman/cli/__main__.py", line 273, in main
    cli(obj={})
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/ykman/cli/oath.py", line 347, in code
    for (cr, c) in controller.calculate_all()
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/ykman/oath.py", line 371, in calculate_all
    return list(_gen_all())
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/ykman/oath.py", line 349, in _gen_all
    resp = self.send_apdu(INS.CALCULATE_ALL, 0, 0x01, data)
  File "/usr/local/Cellar/ykman/3.1.1_1/libexec/lib/python3.8/site-packages/ykman/oath.py", line 260, in send_apdu
    raise APDUError(resp, sw)
ykman.driver_ccid.APDUError: APDU error: SW=0x6581

Does this error mean that I've lost all my secrets?
I should send my Yubikey back for a warranty repair?

UPDATE

I've been able to make it work again deleting the new entry with ykman oath delete <MY NEW OTP>
Maybe this should be handled better or documented as a recovery method

[dainnilsson]

I'm relieved you were able to recover from the situation, and thanks so much for the detailed information, it's already given us a few leads to investigate. Based on your experience, I believe something went wrong with adding the new credential, likely due to the nature of NFC being an unreliable channel. We'll do some experimentation to see if we can reproduce this internally, and see how to best improve our apps to handle this situation. Again, showing that it's something we can recover from (at least in your specific case) means there is definite room for improvement here!

[brandoncurtis]

Same problem. Happened on a botched credential add via NFC. Same solution.

[aajtodd]

Seeing same issue:

Traceback (most recent call last):
  File "/usr/bin/ykman", line 11, in <module>
    load_entry_point('ykman==4.0.7', 'console_scripts', 'ykman')()
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/ykman/cli/__main__.py", line 378, in main
    cli(obj={})
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1137, in __call__
    return self.main(*args, **kwargs)
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1062, in main
    rv = self.invoke(ctx)
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1668, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1668, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1668, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/core.py", line 763, in invoke
    return __callback(*args, **kwargs)
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/click/decorators.py", line 26, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/ykman/cli/oath.py", line 582, in code
    entries = session.calculate_all()
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/yubikit/oath.py", line 391, in calculate_all
    self.protocol.send_apdu(
  File "/opt/venvs/yubikey-manager/lib/python3.8/site-packages/yubikit/core/smartcard.py", line 177, in send_apdu
    raise ApduError(response, sw)
yubikit.core.smartcard.ApduError: APDU error: SW=0x6581

I removed what looked liked a corrupted account, I don't want to remove any of the others but I can't generate codes for anything either. Any suggestions on how to get past this?