Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Unable to set values on Yubikey
mark at truenorth
Dec 20, 2020, 6:32 AM
Post #1 of 2 (63 views)
Permalink
Hello,

Using GPG version 2.2.25 I am unable to set values other than the user and
admin pins. When I use the verify function to check the pin, it is
successful. This happens both on a new Yubikey 5 and a Yubikey 4 that was
reset.

Steps to reproduce
1. Set user and admin pins.
2. Run "gpg --card-edit"
3. Enter admin mode with the admin command
4. Enter name
5. Enter surname
6. Enter first name

Produces the response:
gpg: error setting Name: Bad PIN
Note, it does not prompt me for the PIN before producing the error.


gpg --card-status produces:
Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
Application ID ...: D2760001240103040006157585540000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Yubico
Serial number ....: 15758554
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 0 0
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Thank you for your assistance.

Mark Gannon

Attached Files:

Re: Unable to set values on Yubikey [ In reply to ]
kloecker at kde
Dec 20, 2020, 8:59 AM
Post #2 of 2 (63 views)
Permalink
On Sonntag, 20. Dezember 2020 15:32:02 CET Mark Gannon wrote:
> Hello,
>
> Using GPG version 2.2.25 I am unable to set values other than the user and
> admin pins. When I use the verify function to check the pin, it is
> successful. This happens both on a new Yubikey 5 and a Yubikey 4 that was
> reset.
>
> Steps to reproduce
> 1. Set user and admin pins.

Did you set those PINs with gpg? Or did you use some other application?

> 2. Run "gpg --card-edit"
> 3. Enter admin mode with the admin command
> 4. Enter name
> 5. Enter surname
> 6. Enter first name
>
> Produces the response:
> gpg: error setting Name: Bad PIN
> Note, it does not prompt me for the PIN before producing the error.
>
>
> gpg --card-status produces:
[snip]
> PIN retry counter : 0 0 0

All PIN retry counters are 0, i.e. user PIN and admin PIN are both blocked.
Either gpg reads the values incorrectly from the Yubikey or you have entered
"wrong" PINs several times while experimenting with the Yubikey. Since even
the admin PIN is blocked, I guess you need to factory-reset the Yubikey.

To debug this run
gpg --debug=ipc --card-status
This will show the communication between gpg and scdaemon (the smartcard
helper application that gpg uses to access smartcards).

Regards,
Ingo




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal