gnupg-2.1.18 fails to read a Yubikey Neo that gnupg-2.1.17 reads fine
Closed, Resolved (Public)

Description

I upgraded to 2.1.18 but now am unable to use my Yubikey Neo that works fine
under 2.1.17 (both before upgrading and after downgrading again).

Under 2.1.18 I get the following:

$ gpg --card-status
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device

Under 2.1.17 I get:

$ gpg --card-status
Reader ...........: Yubico Yubikey NEO OTP U2F CCID 00 00
Application ID ...: D2760001240102000006030169880000
Version ..........: 2.0
Manufacturer .....: Yubico
etc.

Under both, dmesg gives me the following upon insertion of the yubikey:

[19644.850080] usb 1-1: new full-speed USB device number 8 using xhci_hcd
[19645.019224] usb 1-1: New USB device found, idVendor=1050, idProduct=0116
[19645.019227] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[19645.019228] usb 1-1: Product: Yubikey NEO OTP+U2F+CCID
[19645.019230] usb 1-1: Manufacturer: Yubico
[19645.021289] input: Yubico Yubikey NEO OTP+U2F+CCID as
/devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:1050:0116.0007/input/input26
[19645.073376] hid-generic 0003:1050:0116.0007: input,hidraw0: USB HID v1.10
Keyboard [Yubico Yubikey NEO OTP+U2F+CCID] on usb-0000:00:14.0-1/input0
[19645.074634] hid-generic 0003:1050:0116.0008: hiddev0,hidraw1: USB HID v1.10
Device [Yubico Yubikey NEO OTP+U2F+CCID] on usb-0000:00:14.0-1/input1

So it appears as though the device should exist and be accessible. I read that
there were a number of changes of scdaemon, but unfortunately I seemingly
haven't been able to get debugging information from it that could help pinpoint
the issue. I'm happy to run tests and provide any more information necessary to
help solve this issue; I just need to know what commands to run...

Details

Version
2.1.18
ikelos set Version to 2.1.18.
ikelos added a subscriber: ikelos.
justus assigned this task to gniibe.
justus added a subscriber: gniibe.
ikelos added a comment. Feb 2 2017, 7:05 PM

Having read [1], I double checked my scdaemon.conf (which apparently already
featured debug-all) and made sure it read as follows:

log-file /home/mike/.gnupg/scdaemon.log
debug-all

I got the following from attempting to run gpg --card-status:

2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- GETINFO version
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> D 2.1.18
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> OK
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- SERIALNO openpgp
2017-02-02 18:00:58 scdaemon[32091] DBG: apdu_open_reader: BAI=10a02
2017-02-02 18:00:58 scdaemon[32091] DBG: apdu_open_reader: new device=10a02
2017-02-02 18:00:58 scdaemon[32091] ccid open error: skip
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> ERR 100696144 No such device
<SCD>
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- RESTART
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> OK

Please let me know what further information I can provide to help debug this?
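
The scdaemon.log excerpt in the comment above can be triaged mechanically. The following Python example is added here (it is not part of the original thread and is not GnuPG code); it pairs each Assuan request (<-) with its final OK/ERR reply (->) and reports the failed command together with the diagnostics logged in between. The name failed_commands and the regular expressions are assumptions of this example.

```python
import re

# Log excerpt copied from the comment above (wrapped "<SCD>" line included).
SAMPLE_LOG = """\
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- GETINFO version
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> D 2.1.18
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> OK
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- SERIALNO openpgp
2017-02-02 18:00:58 scdaemon[32091] DBG: apdu_open_reader: BAI=10a02
2017-02-02 18:00:58 scdaemon[32091] DBG: apdu_open_reader: new device=10a02
2017-02-02 18:00:58 scdaemon[32091] ccid open error: skip
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> ERR 100696144 No such device
<SCD>
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 <- RESTART
2017-02-02 18:00:58 scdaemon[32091] DBG: chan_5 -> OK
"""

LINE = re.compile(r"^\S+ \S+ scdaemon\[\d+\] (?:DBG: )?(.*)$")
ASSUAN = re.compile(r"^(chan_\d+) (<-|->) (.*)$")
ERR = re.compile(r"^ERR (\d+) (.*?)(?: <\w+>)?$")

def failed_commands(log_text):
    """Return each command that ended in ERR, with what was logged meanwhile."""
    pending, failures = {}, []          # pending: channel -> (command, diagnostics)
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if line is None:                # wrapped continuation such as "<SCD>"
            continue
        assuan = ASSUAN.match(line.group(1))
        if assuan is None:              # driver/diagnostic output, not protocol
            for _, diags in pending.values():
                diags.append(line.group(1))
            continue
        chan, direction, payload = assuan.groups()
        if direction == "<-":           # request from the client
            pending[chan] = (payload, [])
        elif chan in pending and payload.split(" ")[0] in ("OK", "ERR"):
            command, diags = pending.pop(chan)
            err = ERR.match(payload)
            if err:
                # libgpg-error layout: source in bits 24-30, code in low 16
                value = int(err.group(1))
                failures.append({"command": command, "text": err.group(2),
                                 "source": (value >> 24) & 0x7F,
                                 "code": value & 0xFFFF, "diagnostics": diags})
    return failures

if __name__ == "__main__":
    print(failed_commands(SAMPLE_LOG))
```

On this excerpt the only failure is SERIALNO openpgp, and the attached diagnostics show that the error follows the "ccid open error: skip" line from the internal CCID driver.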

ikelos added a comment. Feb 2 2017, 7:08 PM

I can also confirm that adding the line "disable-ccid" to scdaemon.conf appears
to revert to the previous system, which then works fine (but doesn't really fix
the issue).

ikelos added a comment. Feb 2 2017, 7:19 PM

Sorry, forgot the reference for [1] previously:

https://bbs.archlinux.org/viewtopic.php?id=222401

We have Homebrew users reporting this problem to us.

https://github.com/Homebrew/homebrew-versions/commit/bece3fdbb732bcf646589c051f2f882e2bbf0875#commitcomment-20846337
https://github.com/Homebrew/homebrew-versions/commit/bece3fdbb732bcf646589c051f2f882e2bbf0875#commitcomment-20910048

"I had to revert to 2.1.17, gnupg was unable to access my yubikey with 2.1.18.
The error was "gpg: selecting openpgp failed: Operation not supported by
device". Not sure if I'm the only one with the problem, if not I'd recommend
reverting the version."

dkg added a subscriber: dkg. Feb 16 2017, 11:00 PM

This sounds like issues we were seeing in Debian, which I believe have been
fixed in git already.

We're shipping the following two patches in Debian against 2.1.18:

https://sources.debian.net/src/gnupg2/2.1.18-6/debian/patches/0028-scd-Backport-two-fixes-from-master.patch/
https://sources.debian.net/src/gnupg2/2.1.18-6/debian/patches/0029-scd-Fix-use-case-of-PC-SC.patch/

dkg, thank you. One of the users reporting the issue has confirmed that fixes it:
https://github.com/Homebrew/homebrew-versions/pull/1527#issuecomment-280667350

gniibe closed this task as Resolved. Apr 4 2017, 2:28 AM

Fix published in 2.1.19.