Page MenuHome GnuPG

yubikeyTag
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Oct 29 2024

werner edited projects for T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time, added: gnupg26; removed gnupg24.

You should use gpg-agent's integrated ssh-agent. It is anyway much more convenient. I'll move this task to gnupg26, though.

Oct 29 2024, 1:16 PM · gnupg26, yubikey, scd, Bug Report

Oct 4 2024

werner closed T6843: after enable kdf-setup impossible change user/admin pin as Resolved.
Oct 4 2024, 11:45 AM · gnupg22 (gnupg-2.2.43), scd, yubikey
werner moved T6843: after enable kdf-setup impossible change user/admin pin from QA to gnupg-2.2.43 on the gnupg22 board.
Oct 4 2024, 11:45 AM · gnupg22 (gnupg-2.2.43), scd, yubikey
werner changed the status of T6843: after enable kdf-setup impossible change user/admin pin from Resolved to Duplicate.
Oct 4 2024, 11:45 AM · gnupg22 (gnupg-2.2.43), scd, yubikey
werner closed T6843: after enable kdf-setup impossible change user/admin pin as Resolved.

Porting to 2.2 was straightforward - we won't give it an extra QA run.

Oct 4 2024, 11:45 AM · gnupg22 (gnupg-2.2.43), scd, yubikey

Sep 25 2024

werner moved T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations from Backlog to done on the gnupg24 board.
Sep 25 2024, 4:31 PM · gnupg24, yubikey, Bug Report
werner moved T7121: gnupg 2.2.43: scdaemon fails with KDF from Backlog to gnupg-2.2.44 on the gnupg22 board.
Sep 25 2024, 4:19 PM · gnupg22 (gnupg-2.2.44), yubikey, scd, Bug Report

Sep 3 2024

gniibe closed T7121: gnupg 2.2.43: scdaemon fails with KDF as Resolved.
Sep 3 2024, 3:35 AM · gnupg22 (gnupg-2.2.44), yubikey, scd, Bug Report

Jun 21 2024

werner raised the priority of T7121: gnupg 2.2.43: scdaemon fails with KDF from Normal to High.
Jun 21 2024, 1:21 PM · gnupg22 (gnupg-2.2.44), yubikey, scd, Bug Report

May 31 2024

whites11 added a comment to T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time.

Thanks for your answer, @werner

May 31 2024, 2:33 PM · gnupg26, yubikey, scd, Bug Report
werner added a comment to T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time.

Do not use the pcscd but the integrated CCID driver. This is actually the default form Unix. Or are you on Windows?

May 31 2024, 12:36 PM · gnupg26, yubikey, scd, Bug Report
whites11 added a comment to T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time.

Hello all. I think I am affected by this problem (I get asked for the yubikey PIV pin every time I make a git commit).
Is there a known workaround?

May 31 2024, 10:45 AM · gnupg26, yubikey, scd, Bug Report

May 1 2024

werner closed T7066: Communication with Yubikey hangs in scdaemon as Resolved.

Seems it was a kernel / USB bug

May 1 2024, 7:55 PM · Arch, yubikey, Bug Report

Apr 22 2024

gniibe closed T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations as Resolved.

Please continue on T7041. This ticket is going to be closed (as the problem described was fixed already).

Apr 22 2024, 8:09 AM · gnupg24, yubikey, Bug Report

Apr 16 2024

mdawar added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Yes I have pcsc-shared in my scdaemon.conf.
I've just tried removing both pcsc-shared and disable-application piv and PIN caching worked as expected.

Apr 16 2024, 8:00 AM · gnupg24, yubikey, Bug Report
gniibe added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Are you using PC/SC shared mode? If so, it may be the case of T7041.

Apr 16 2024, 7:16 AM · gnupg24, yubikey, Bug Report

Apr 15 2024

werner edited projects for T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations, added: gnupg24; removed gnupg (gpg23).
Apr 15 2024, 8:58 PM · gnupg24, yubikey, Bug Report
werner reopened T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations as "Open".
Apr 15 2024, 8:58 PM · gnupg24, yubikey, Bug Report
mdawar added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

I just wanted to report that I'm having this issue on Fedora 39, with GnuPG version 2.4.4.
I'm being asked for the PIN for every operation (Sign, Decrypt, Authenticate) I'm having this issue on 2 different laptops using YubiKey 5C NFC and YubiKey 5C Nano (Firmware version: 5.4.3).
I tried disabling PIV (disable-application piv) and then PIN caching started working again, so I just wanted to report this as it's marked as resolved.

Apr 15 2024, 8:20 PM · gnupg24, yubikey, Bug Report

Apr 9 2024

werner added projects to T7066: Communication with Yubikey hangs in scdaemon: yubikey, Arch.
Apr 9 2024, 1:44 PM · Arch, yubikey, Bug Report
werner triaged T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time as Normal priority.
Apr 9 2024, 1:42 PM · gnupg26, yubikey, scd, Bug Report

Mar 6 2024

werner added a comment to T6843: after enable kdf-setup impossible change user/admin pin.

See also rG40b85d8e8cecadf35e51e84b30de4fac820d714b for gnupg 2.4.

Mar 6 2024, 12:34 PM · gnupg22 (gnupg-2.2.43), scd, yubikey

Jan 26 2024

werner moved T6843: after enable kdf-setup impossible change user/admin pin from Backlog to QA on the gnupg22 board.

We need to test the PIN, PUK and reset code stuff in 2.2

Jan 26 2024, 3:14 PM · gnupg22 (gnupg-2.2.43), scd, yubikey
gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.

For the particular issue reopened for GnuPG 2.2.41 is fixed in GnuPG 2.2.42.
Please note that we can't fix the cause itself, the hardware problem.

Jan 26 2024, 1:08 AM · backport, yubikey, scd, segv, Bug Report

Jan 12 2024

werner edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: gnupg22; removed backport, gnupg.
Jan 12 2024, 4:26 PM · gnupg22 (gnupg-2.2.43), scd, yubikey

Jan 5 2024

werner moved T4823: Test Yubikey's support for ed25519 from Backlog to done on the gnupg24 board.
Jan 5 2024, 12:04 PM · gnupg24, gnupg (gpg23), yubikey

Dec 27 2023

gniibe changed the status of T6843: after enable kdf-setup impossible change user/admin pin from Open to Testing.

It would be good to apply this to 2.2, so adding "backport" tag.

Dec 27 2023, 1:25 AM · gnupg22 (gnupg-2.2.43), scd, yubikey

Dec 22 2023

gniibe edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: gnupg, scd; removed Support, Windows.

Thank you for the bug report. Although it's a corner case, it is a discrepancy in the implementation which results unrecoverable situation of the device.

Dec 22 2023, 3:44 AM · gnupg22 (gnupg-2.2.43), scd, yubikey
gniibe claimed T6843: after enable kdf-setup impossible change user/admin pin.
Dec 22 2023, 3:16 AM · gnupg22 (gnupg-2.2.43), scd, yubikey

Nov 28 2023

werner edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: Support; removed Bug Report.
Nov 28 2023, 1:25 PM · gnupg22 (gnupg-2.2.43), scd, yubikey

Nov 27 2023

Andry created T6843: after enable kdf-setup impossible change user/admin pin.
Nov 27 2023, 12:12 PM · gnupg22 (gnupg-2.2.43), scd, yubikey

Nov 7 2023

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Applied a patch from 2.4/master to 2.2 for SEGV when card gives bogus data. rG600e69b46149: scd:openpgp: Fix a segv for cards supporting unknown curves.

Nov 7 2023, 9:51 AM · backport, yubikey, scd, segv, Bug Report

Nov 6 2023

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

@desultory Thank you for your report.
Please open a new ticket for your problem. If you can, please show the result of https://dev.gnupg.org/T5963#157724

Nov 6 2023, 2:06 AM · backport, yubikey, scd, segv, Bug Report

Nov 5 2023

desultory reopened T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as "Open".

This is still an issue for me:

Nov 5 2023, 12:38 AM · backport, yubikey, scd, segv, Bug Report

Apr 21 2023

werner added a subtask for T6382: keytocard fails to import a nistp384 ECDSA key: T6465: Store the ECDH parameters in the key file.
Apr 21 2023, 3:21 PM · yubikey, scd, Bug Report

Mar 14 2023

werner closed T6382: keytocard fails to import a nistp384 ECDSA key as Resolved.

Closing this one - see T6378

Mar 14 2023, 4:20 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There is actually a regression wit Yubikeys. The fix for 2.2 is in T5100: rG08cc34911470 - for 2.4 I need to check

Mar 14 2023, 11:35 AM · yubikey, scd, Bug Report
werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

danisanti added a comment to T6406: gpg-agent: Fail on expiring YubiKey PIN.

I never made a threat model. But definitely *any* cracker, should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker have used my Emacs text editor.

Mar 13 2023, 10:00 PM · Not A Bug, yubikey, gpgagent
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Mar 11 2023

danisanti created T6406: gpg-agent: Fail on expiring YubiKey PIN.
Mar 11 2023, 4:50 PM · Not A Bug, yubikey, gpgagent

Feb 26 2023

werner lowered the priority of T6382: keytocard fails to import a nistp384 ECDSA key from High to Normal.
Feb 26 2023, 7:27 PM · yubikey, scd, Bug Report

Feb 21 2023

ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

The application probably doesn't support this curve, the changelog only mentions Curve25519 and NIST P-256. Also Kleopatra lists only these two curves when generating a key from the card. Upon further inspection, the 0xFA DO listing the supported algorithms only has RSA 2048, RSA 4096, nistp256, ed255519 and cv25519

Feb 21 2023, 5:33 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

This is a Nitrokey 3A with the firmware 1.2.2-alpha.20221130. I'll check with the vendor.

Feb 21 2023, 5:12 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Sure that you specific card/implementation of Nitrokey supports this curve? The card application uses a vendor from the test card range - this it is likely that it is some Javacard implementaion or it is an old gnuk firmware on the nitrokey basic.

Feb 21 2023, 4:32 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Changing the key attributes didn't help unfortunately:

Feb 21 2023, 3:32 PM · yubikey, scd, Bug Report
werner added a parent task for T6382: keytocard fails to import a nistp384 ECDSA key: T6378: keytocard: invalid value.
Feb 21 2023, 3:09 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There must be some regression in the code which changes the key attributes. Please try
"gpg --card-edit" admin, key-attr
and switch to nistp384.

Feb 21 2023, 3:08 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

I also tried to import the key with the gpg-card writekey command and I got the same error.

Feb 21 2023, 2:59 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Same error message but probably a different cause, in this case the card was factory reset before importing.

Feb 21 2023, 2:55 PM · yubikey, scd, Bug Report