Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

yubikey 5c ykman opengpg commands fail #495

Closed
KlavsKlavsen opened this issue Apr 4, 2022 · 7 comments
Closed

yubikey 5c ykman opengpg commands fail #495

KlavsKlavsen opened this issue Apr 4, 2022 · 7 comments

Comments

@KlavsKlavsen
Copy link

  • YubiKey Manager (ykman) version: 4.0.0~a1-4 and 4.0.8
  • How was it installed?: 4.0.0 with apt install on ubuntu 21.10 and then I tried pip install -U yubikey-manager
  • Operating system and version: Ubuntu 21.10
  • YubiKey model and version:5C nano firmware 5.1.2
  • Bug description summary:
    When I run any ykman opengpg command I get this:
$ ykman openpgp info
Error: No YubiKey found with the given interface(s)
$ ykman openpgp keys set-touch aut on
Error: No YubiKey found with the given interface(s)
$ ykman info
Device type: YubiKey 5C Nano
Serial number: 10124802
Firmware version: 5.1.2
Form factor: Nano (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID

Applications
FIDO2           Enabled      
OTP             Enabled      
FIDO U2F        Enabled      
OATH            Enabled      
YubiHSM Auth    Not available
OpenPGP         Enabled      
PIV             Enabled

Steps to reproduce

I setup my 5C and moved keytocard using gpg - and key works fine - but I cannot enable touch which is a huge security problem :(
@dainnilsson
Copy link
Member

Can you (with the YubiKey inserted) run ykman --diagnose and paste the output here?

@KlavsKlavsen
Copy link
Author 

$ ykman --diagnose
ykman: 4.0.8
Python: 3.9.7 (default, Sep 10 2021, 14:59:43) 
[GCC 11.2.0]
Platform: linux
Arch: x86_64
Running as admin: False

Detected PC/SC readers:

Detected YubiKeys over PC/SC:

Detected YubiKeys over HID OTP:

Detected YubiKeys over HID FIDO:
        CtapYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw1')
CTAP device version: 5.1.2
CTAPHID protocol version: 2
Capabilities: 5
        RawInfo: 230102023f0302023f0204009a7e0204010405030501020602000007010f0801000a0100
        DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|OATH|PIV|OPENPGP|4|U2F|OTP: 575>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG.0: 0>), serial=10124802, version=Version(major=5, minor=1, patch=2), form_factor=<FORM_FACTOR.USB_C_NANO: 4>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|OATH|PIV|OPENPGP|4|U2F|OTP: 575>}, is_locked=False, is_fips=False, is_sky=False)
        Device name: YubiKey 5C Nano
        Ctap2Info: {<VERSIONS: 0x01>: ['U2F_V2', 'FIDO_2_0'], <EXTENSIONS: 0x02>: ['hmac-secret'], <AAGUID: 0x03>: b"\xcbiH\x1e\x8f\xf7@9\x93\xec\n')\xa1T\xa8", <OPTIONS: 0x04>: {'rk': True, 'up': True, 'plat': False, 'clientPin': False}, <MAX_MSG_SIZE: 0x05>: 1200, <PIN_UV_PROTOCOLS: 0x06>: [1]}
PIN: Not configured

End of diagnostics

@nuke-web3
Copy link

Same issue. Used gpg --card-edit and that is working, but cannot set anything with ykman openpgp -> Error: No YubiKey found with the given interface(s)
info:

Device type: YubiKey 5 NFC
Serial number: XXX
Firmware version: 5.4.3
Form factor: Keychain (USB-A)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.

Applications	USB    	NFC     
FIDO2       	Enabled	Disabled	
OTP         	Enabled	Disabled	
FIDO U2F    	Enabled	Disabled	
OATH        	Enabled	Disabled	
YubiHSM Auth	Enabled	Disabled	
OpenPGP     	Enabled	Disabled	
PIV         	Enabled	Disabled

Diagnostic:

ykman: 4.0.8
Python: 3.8.10 (default, Mar 15 2022, 12:22:08) 
[GCC 9.4.0]
Platform: linux
Arch: x86_64
Running as admin: False

Detected PC/SC readers:

Detected YubiKeys over PC/SC:

Detected YubiKeys over HID OTP:
	OtpYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw0')
	RawInfo: XXX
	DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.4: 4>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG.0: 0>), serial=XXX, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_A_KEYCHAIN: 1>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>}, is_locked=False, is_fips=False, is_sky=False)
	Device name: YubiKey 5 NFC
	OTP: ConfigState(configured: (True, True), touch_triggered: (True, True), led_inverted: False)


Detected YubiKeys over HID FIDO:
	CtapYubiKeyDevice(pid=0407, fingerprint='/dev/hidraw1')
CTAP device version: 5.4.3
CTAPHID protocol version: 2
Capabilities: 5
	RawInfo: XXX
	DeviceInfo(config=DeviceConfig(enabled_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.4: 4>}, auto_eject_timeout=0, challenge_response_timeout=15, device_flags=<DEVICE_FLAG.0: 0>), serial=XXX, version=Version(major=5, minor=4, patch=3), form_factor=<FORM_FACTOR.USB_A_KEYCHAIN: 1>, supported_capabilities={<TRANSPORT.USB: 'usb'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>, <TRANSPORT.NFC: 'nfc'>: <CAPABILITY.FIDO2|HSMAUTH|OATH|PIV|OPENPGP|4|U2F|OTP: 831>}, is_locked=False, is_fips=False, is_sky=False)
	Device name: YubiKey 5 NFC
	Ctap2Info: {<VERSIONS: 0x01>: ['U2F_V2', 'FIDO_2_0', 'FIDO_2_1_PRE'], <EXTENSIONS: 0x02>: ['credProtect', 'hmac-secret'], <AAGUID: 0x03>: b'/\xc0W\x9f\x81\x13G\xea\xb1\x16\xbbZ\x8d\xb9 *', <OPTIONS: 0x04>: {'rk': True, 'up': True, 'plat': False, 'clientPin': False, 'credentialMgmtPreview': True}, <MAX_MSG_SIZE: 0x05>: 1200, <PIN_UV_PROTOCOLS: 0x06>: [2, 1], <MAX_CREDS_IN_LIST: 0x07>: 8, <MAX_CRED_ID_LENGTH: 0x08>: 128, <TRANSPORTS: 0x09>: ['nfc', 'usb'], <ALGORITHMS: 0x0A>: [{'alg': -7, 'type': 'public-key'}, {'alg': -8, 'type': 'public-key'}], <MIN_PIN_LENGTH: 0x0D>: 4, <FIRMWARE_VERSION: 0x0E>: 328707}
PIN: Not configured

End of diagnostics

This was referenced Apr 5, 2022
Closed
Open
@ri0t
Copy link

ri0t commented Apr 12, 2022

I had similar issues until i removed a longer (3m) cable between key and usb-port.
Some functionality still worked with the cable in place, but using ykman didn't. Could be my hub or that specific port, too - i didn't test, but can do if it helps.

@KlavsKlavsen
Copy link
Author

My key is directly inserted in my thinkpad laptop

@untbu
Copy link

untbu commented Apr 30, 2022

I had the same issue on a raspberry pi 4. Changing the connection mode to ccid only (ykman config mode ccid) solved it.

@KlavsKlavsen
Copy link
Author

That solved it for me too. Thank you @untbu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dainnilsson @ri0t @KlavsKlavsen @nuke-web3 @untbu