Page MenuHome GnuPG
Create Task
Maniphest T5487

GnuPG 2.2.28 not working with Yubikey NEO
Closed, ResolvedPublic
Actions

Description

Hi, .28 version are not working anymore with Yubikey 4 NEO, this happen in .24 and in .25 we got a few problems (T5167) with was corrected on .26

I have uploaded the log from scdaemon from 2.2.27 and 2.2.28 as was instructed on T5167 issue.

log-file /somewhere/scd.log
verbose
debug ipc,reader,app
debug-ccid-driver

The the only command I have used while running each version was gpg2 --card-status

2.2.27-scd.log58 KBDownload

2.2.28-scd.log42 KBDownload

Details

Version
2.2.28

Revisions and Commits

rG GnuPG
rG01a413d5235f scd: Error code map fix for older Yubikey.

Related Objects

Event Timeline

gbschenkel created this task.Jun 13 2021, 4:13 PM
gniibe claimed this task.Jun 14 2021, 3:34 AM
gniibe added a subscriber: gniibe.

Thank you for your report.

Sorry, I overlooked the need to backport one of my changes.

gniibe added a comment.Jun 14 2021, 3:35 AM

Fixed in rG01a413d5235f: scd: Error code map fix for older Yubikey..
New code for Yubikey 4 or later causes wrong interaction for Yubikey NEO in 2.2.28.

gniibe added a commit: rG01a413d5235f: scd: Error code map fix for older Yubikey..Jun 14 2021, 3:36 AM
gniibe added a comment.Jun 14 2021, 3:41 AM

I think that Yubikey NEO is older than Yubikey 4.

gniibe renamed this task from GnuPG 2.2.28 not working with Yubikey 4 NEO to GnuPG 2.2.28 not working with Yubikey NEO.Jun 14 2021, 3:42 AM
gniibe mentioned this in T5482: Release GnuPG 2.2.28.Jun 14 2021, 10:18 AM
werner changed the task status from Open to Testing.Jun 14 2021, 11:38 AM
werner added projects: gnupg (gpg22), yubikey.
werner added a subscriber: werner.

Fix will eventually go into 2.2.29. If there is enough public demand we will do a new Windows installer earlier.

gbschenkel added a comment.Jun 14 2021, 6:45 PM

Thank you @werner I will apply the patch and recompile the .28 version for myself.

kianga added a subscriber: kianga.Jun 14 2021, 8:46 PM

I was just about to open a similar bug report, but I think this might be related. I’m also having trouble getting my Yubikey NEO to work with the latest update, however my log output looks different (see below) and this is on Windows (10 Pro, 21H1, build 19043.1055).

Problem appeared with version:
gpg (GnuPG) 2.2.28
libgcrypt 1.8.8
Gpg4win 3.1.16

Last known good configuration:
gpg (GnuPG) 2.2.27
libgcrypt 1.8.7
Gpg4win 3.1.15

Please let me know if you need more information, or if I should file this as a separate bug.

2021-06-14 18:27:25 scdaemon[6100] Es wird auf Socket `C:\Users\kiang\AppData\Roaming\gnupg\S.scdaemon' gehört
2021-06-14 18:27:25 scdaemon[6100] Handhabungsroutine f�r fd -1 gestartet
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> OK GNU Privacy Guard's Smartcard server ready
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 <- GETINFO socket_name
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> D C:\Users\kiang\AppData\Roaming\gnupg\S.scdaemon
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> OK
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 <- OPTION event-signal=0x00000294
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> OK
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 <- GETINFO version
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> D 2.2.28
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> OK
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 <- SERIALNO
2021-06-14 18:27:25 scdaemon[6100] DBG: open_pcsc_reader(portstr=Yubico Yubikey NEO OTP+U2F+CCID 0)
2021-06-14 18:27:25 scdaemon[6100] detected reader 'Yubico Yubikey NEO OTP+U2F+CCID 0'
2021-06-14 18:27:25 scdaemon[6100] reader slot 0: not connected
2021-06-14 18:27:25 scdaemon[6100] DBG: open_pcsc_reader => slot=0
2021-06-14 18:27:25 scdaemon[6100] DBG: enter: apdu_connect: slot=0
2021-06-14 18:27:25 scdaemon[6100] reader slot 0: active protocol: T1
2021-06-14 18:27:25 scdaemon[6100] slot 0: ATR=3B FC 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 4E 45 4F 72 33 E1
2021-06-14 18:27:25 scdaemon[6100] DBG: pcsc_get_status_change:  changed present excl inuse
2021-06-14 18:27:25 scdaemon[6100] DBG: leave: apdu_connect => sw=0x0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=00 p2=0C lc=2 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 00 0C 02 3F 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6A86  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=8 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 00 08 A0 00 00 05 27 47 11 17
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=9000  datalen=30
2021-06-14 18:27:25 scdaemon[6100] DBG:     dump:  44 46 55 20 65 6E 61 62 6C 65 64 20 2D 20 46 57 20 76 65 72 73 69 6F 6E 20 33 2E 34 2E 33
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 1D 00 00 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG:       dump:  6D 00
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=6 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 00 06 D2 76 00 01 24 01
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=7 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 0C 07 D2 76 00 00 03 01 02
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=00 lc=12 le=256 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 00 0C A0 00 00 00 63 50 4B 43 53 2D 31 35 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6700  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=08 p2=0C lc=2 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 08 0C 02 2F 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=01 p2=0C lc=2 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 01 0C 02 50 15
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=9 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 0C 09 D2 76 00 00 25 45 50 02 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=6 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 0C 06 D2 76 00 00 66 01
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] DBG: send apdu: c=00 i=A4 p1=04 p2=0C lc=11 le=-1 em=0
2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 04 0C 0B E8 2B 06 01 04 01 81 C3 1F 02 01
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6D00  datalen=0
2021-06-14 18:27:25 scdaemon[6100] no supported card application found: Kartenfehler
2021-06-14 18:27:25 scdaemon[6100] DBG: enter: apdu_close_reader: slot=0
2021-06-14 18:27:25 scdaemon[6100] DBG: enter: apdu_disconnect: slot=0
2021-06-14 18:27:25 scdaemon[6100] DBG: leave: apdu_disconnect => sw=0x0
2021-06-14 18:27:25 scdaemon[6100] DBG: leave: apdu_close_reader => 0x0 (close_reader)
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> ERR 100696144 No such device <SCD>
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 <- RESTART
2021-06-14 18:27:25 scdaemon[6100] DBG: chan_0x000002a0 -> OK
gniibe added a comment.Jun 15 2021, 1:40 AM

@kianga
Thanks for your log.

The problem I identified is:

2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 1D 00 00 00

This is a command to card from computer to get config of Yubikey 4 (or later).
When Yubikey NEO receives this command, it will get screwed up.

The patch is to detect an error at:

2021-06-14 18:27:25 scdaemon[6100] DBG:   PCSC_data: 00 A4 00 0C 02 3F 00
2021-06-14 18:27:25 scdaemon[6100] DBG:  response: sw=6A86  datalen=0

Yubikey NEO returns 6A86 here, while Yubikey 4 (or later) returns 6D00.

gniibe triaged this task as High priority.Jun 15 2021, 1:41 AM

I set the priority 'High' as Yubikey NEO is the last one with source code available, IIUC.

werner closed this task as Resolved.Jul 4 2021, 5:29 PM
werner mentioned this in T5498: Release GnuPG 2.2.29.
DanielHabenicht added a subscriber: DanielHabenicht.Oct 6 2021, 5:21 PM

Just for everbody else who might be waiting for a new release. Workaround is to simply use the previous version: https://www.gpg4win.de/change-history-de.html (3.1.15)

werner added a comment.EditedOct 6 2021, 5:53 PM

You mean Gpg4win. The solution for Gpg4win 3.1.x is to install the latest GnUPG LTS installer for Windows on top of the latest Gpg4win version. See
https://lists.gnupg.org/pipermail/gnupg-announce/2021q3/000464.html
Noet that there will very soon be a 2.2.32 to fix a problem with Let's encrypt protected keyservers (T5639).