Page MenuHome GnuPG

yubikeyTag
ActivePublic

Members

  • This project does not have any members.
  • View All

Recent Activity

Wed, May 1

werner closed T7066: Communication with Yubikey hangs in scdaemon as Resolved.

Seems it was a kernel / USB bug

Wed, May 1, 7:55 PM · Arch, yubikey, Bug Report

Apr 22 2024

gniibe closed T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations as Resolved.

Please continue on T7041. This ticket is going to be closed (as the problem described was fixed already).

Apr 22 2024, 8:09 AM · gnupg24, yubikey, Bug Report

Apr 16 2024

mdawar added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Yes I have pcsc-shared in my scdaemon.conf.
I've just tried removing both pcsc-shared and disable-application piv and PIN caching worked as expected.

Apr 16 2024, 8:00 AM · gnupg24, yubikey, Bug Report
gniibe added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

Are you using PC/SC shared mode? If so, it may be the case of T7041.

Apr 16 2024, 7:16 AM · gnupg24, yubikey, Bug Report

Apr 15 2024

werner edited projects for T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations, added: gnupg24; removed gnupg (gpg23).
Apr 15 2024, 8:58 PM · gnupg24, yubikey, Bug Report
werner reopened T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations as "Open".
Apr 15 2024, 8:58 PM · gnupg24, yubikey, Bug Report
mdawar added a comment to T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.

I just wanted to report that I'm having this issue on Fedora 39, with GnuPG version 2.4.4.
I'm being asked for the PIN for every operation (Sign, Decrypt, Authenticate) I'm having this issue on 2 different laptops using YubiKey 5C NFC and YubiKey 5C Nano (Firmware version: 5.4.3).
I tried disabling PIV (disable-application piv) and then PIN caching started working again, so I just wanted to report this as it's marked as resolved.

Apr 15 2024, 8:20 PM · gnupg24, yubikey, Bug Report

Apr 9 2024

werner added projects to T7066: Communication with Yubikey hangs in scdaemon: yubikey, Arch.
Apr 9 2024, 1:44 PM · Arch, yubikey, Bug Report
werner triaged T7041: Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time as Normal priority.
Apr 9 2024, 1:42 PM · yubikey, gnupg24, scd, Bug Report

Mar 6 2024

werner added a comment to T6843: after enable kdf-setup impossible change user/admin pin.

See also rG40b85d8e8cecadf35e51e84b30de4fac820d714b for gnupg 2.4.

Mar 6 2024, 12:34 PM · gnupg22, scd, yubikey

Jan 26 2024

werner moved T6843: after enable kdf-setup impossible change user/admin pin from Backlog to QA on the gnupg22 board.

We need to test the PIN, PUK and reset code stuff in 2.2

Jan 26 2024, 3:14 PM · gnupg22, scd, yubikey
gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.

For the particular issue reopened for GnuPG 2.2.41 is fixed in GnuPG 2.2.42.
Please note that we can't fix the cause itself, the hardware problem.

Jan 26 2024, 1:08 AM · backport, yubikey, scd, segv, Bug Report

Jan 12 2024

werner edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: gnupg22; removed backport, gnupg.
Jan 12 2024, 4:26 PM · gnupg22, scd, yubikey

Jan 5 2024

werner moved T4823: Test Yubikey's support for ed25519 from Backlog to done on the gnupg24 board.
Jan 5 2024, 12:04 PM · gnupg24, gnupg (gpg23), yubikey

Dec 27 2023

gniibe changed the status of T6843: after enable kdf-setup impossible change user/admin pin from Open to Testing.

It would be good to apply this to 2.2, so adding "backport" tag.

Dec 27 2023, 1:25 AM · gnupg22, scd, yubikey

Dec 22 2023

gniibe edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: gnupg, scd; removed Support, Windows.

Thank you for the bug report. Although it's a corner case, it is a discrepancy in the implementation which results unrecoverable situation of the device.

Dec 22 2023, 3:44 AM · gnupg22, scd, yubikey
gniibe claimed T6843: after enable kdf-setup impossible change user/admin pin.
Dec 22 2023, 3:16 AM · gnupg22, scd, yubikey

Nov 28 2023

werner edited projects for T6843: after enable kdf-setup impossible change user/admin pin, added: Support; removed Bug Report.
Nov 28 2023, 1:25 PM · gnupg22, scd, yubikey

Nov 27 2023

Andry created T6843: after enable kdf-setup impossible change user/admin pin.
Nov 27 2023, 12:12 PM · gnupg22, scd, yubikey

Nov 7 2023

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

Applied a patch from 2.4/master to 2.2 for SEGV when card gives bogus data. rG600e69b46149: scd:openpgp: Fix a segv for cards supporting unknown curves.

Nov 7 2023, 9:51 AM · backport, yubikey, scd, segv, Bug Report

Nov 6 2023

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

@desultory Thank you for your report.
Please open a new ticket for your problem. If you can, please show the result of https://dev.gnupg.org/T5963#157724

Nov 6 2023, 2:06 AM · backport, yubikey, scd, segv, Bug Report

Nov 5 2023

desultory reopened T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as "Open".

This is still an issue for me:

Nov 5 2023, 12:38 AM · backport, yubikey, scd, segv, Bug Report

Apr 21 2023

werner added a subtask for T6382: keytocard fails to import a nistp384 ECDSA key: T6465: Store the ECDH parameters in the key file.
Apr 21 2023, 3:21 PM · yubikey, scd, Bug Report

Mar 14 2023

werner closed T6382: keytocard fails to import a nistp384 ECDSA key as Resolved.

Closing this one - see T6378

Mar 14 2023, 4:20 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There is actually a regression wit Yubikeys. The fix for 2.2 is in T5100: rG08cc34911470 - for 2.4 I need to check

Mar 14 2023, 11:35 AM · yubikey, scd, Bug Report
werner closed T6406: gpg-agent: Fail on expiring YubiKey PIN as Resolved.
Mar 14 2023, 9:31 AM · Not A Bug, yubikey, gpgagent

Mar 13 2023

danisanti added a comment to T6406: gpg-agent: Fail on expiring YubiKey PIN.

I never made a threat model. But definitely *any* cracker, should be out of my system, either from governmental agencies or from a kiddo in Russia.
I know that I have someone that is remote accessing my machine, since I got some tells. And that this cracker have used my Emacs text editor.

Mar 13 2023, 10:00 PM · Not A Bug, yubikey, gpgagent
werner edited projects for T6406: gpg-agent: Fail on expiring YubiKey PIN, added: Not A Bug; removed Bug Report.

Smartcard PINs are different from passphrase for on-disk keys. Once a PIN is entered the smartcard is unlocked as long as it is powered up. In theory we could power down and power up the card to lock it. The question here is what is your threat model? If you have malware on your system it could simply brick your token or, more common, peek at your PIN.

Mar 13 2023, 7:29 AM · Not A Bug, yubikey, gpgagent

Mar 11 2023

danisanti created T6406: gpg-agent: Fail on expiring YubiKey PIN.
Mar 11 2023, 4:50 PM · Not A Bug, yubikey, gpgagent

Feb 26 2023

werner lowered the priority of T6382: keytocard fails to import a nistp384 ECDSA key from High to Normal.
Feb 26 2023, 7:27 PM · yubikey, scd, Bug Report

Feb 21 2023

ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

The application probably doesn't support this curve, the changelog only mentions Curve25519 and NIST P-256. Also Kleopatra lists only these two curves when generating a key from the card. Upon further inspection, the 0xFA DO listing the supported algorithms only has RSA 2048, RSA 4096, nistp256, ed255519 and cv25519

Feb 21 2023, 5:33 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

This is a Nitrokey 3A with the firmware 1.2.2-alpha.20221130. I'll check with the vendor.

Feb 21 2023, 5:12 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Sure that you specific card/implementation of Nitrokey supports this curve? The card application uses a vendor from the test card range - this it is likely that it is some Javacard implementaion or it is an old gnuk firmware on the nitrokey basic.

Feb 21 2023, 4:32 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Changing the key attributes didn't help unfortunately:

Feb 21 2023, 3:32 PM · yubikey, scd, Bug Report
werner added a parent task for T6382: keytocard fails to import a nistp384 ECDSA key: T6378: keytocard: invalid value.
Feb 21 2023, 3:09 PM · yubikey, scd, Bug Report
werner added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

There must be some regression in the code which changes the key attributes. Please try
"gpg --card-edit" admin, key-attr
and switch to nistp384.

Feb 21 2023, 3:08 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

I also tried to import the key with the gpg-card writekey command and I got the same error.

Feb 21 2023, 2:59 PM · yubikey, scd, Bug Report
ebourg added a comment to T6382: keytocard fails to import a nistp384 ECDSA key.

Same error message but probably a different cause, in this case the card was factory reset before importing.

Feb 21 2023, 2:55 PM · yubikey, scd, Bug Report
werner triaged T6382: keytocard fails to import a nistp384 ECDSA key as High priority.
Feb 21 2023, 2:46 PM · yubikey, scd, Bug Report

Jan 17 2023

aheinecke closed T4823: Test Yubikey's support for ed25519 as Resolved.

I am very sure that this is resolved and we support that in Kleopatra.

Jan 17 2023, 1:10 PM · gnupg24, gnupg (gpg23), yubikey

Oct 7 2022

werner reopened T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey, a subtask of T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys), as Open.
Oct 7 2022, 9:36 AM · yubikey, Feature Request
werner added a subtask for T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys): T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey.
Oct 7 2022, 9:36 AM · yubikey, Feature Request
werner merged T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey into T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).
Oct 7 2022, 9:35 AM · yubikey, Feature Request
werner merged T5790: Cannot use "Retired Cert Key Mgm [1-20]” Slots on YubiKey into T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).
Oct 7 2022, 9:34 AM · yubikey, Feature Request

Oct 6 2022

manonfgoo added a comment to T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).

The other key slots are claimed to be used for expired or archived keys as you rightfully mention. We need to figure out the real world semantic behind this before we can repurpose such keys.

Oct 6 2022, 10:44 PM · yubikey, Feature Request
manonfgoo added a comment to T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys).

Pleaee have a look at https://dev.gnupg.org/T5790, i added a patch.

Oct 6 2022, 10:30 PM · yubikey, Feature Request
werner triaged T6229: Include ability to use any/all of the keys stored on YubiKey's PIV applet ("retired" keys) as Low priority.

The other key slots are claimed to be used for expired or archived keys as you rightfully mention. We need to figure out the real world semantic behind this before we can repurpose such keys.

Oct 6 2022, 6:44 PM · yubikey, Feature Request

Jul 12 2022

gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

And 2.3.7.

Jul 12 2022, 3:22 AM · backport, yubikey, scd, segv, Bug Report
gniibe closed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys as Resolved.

Fixed in 2.2.36.

Jul 12 2022, 3:19 AM · backport, yubikey, scd, segv, Bug Report

May 18 2022

oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Glad to hear. I've also now had time to manually apply the patches and have not seen any issues so far! Thank you! If anything does turn up later down the road I'll let you know.

May 18 2022, 2:10 AM · Info Needed, yubikey, scd, Bug Report