Mon, Jan 11
Lowered priority because in reality it is not possible to get a certificate for an arbitrary SigG key on the card. Only accredited CAs may issue certs and they want to keep full control over the key generation.
Fri, Jan 8
Thu, Jan 7
do_sign() calls find_fid_by_keyref() which does a switch_application(). So, I think the SigG application should already be active. But, yes, please have a look at it.
We need to switch to the SigG application. Shall I look at it?
Wed, Jan 6
Tue, Jan 5
It seems you have a pretty good understanding and also test cases at hand. May I ask you to apply the suggested pacthes to master?
Fri, Dec 25
Wed, Dec 23
Already have set another, thanks gnibe! See ya!
Please change your passphrase for your card, BTW.
Good. The error recovery worked well.
Tue, Dec 22
$ gpg --card-status $ gpgconf --kill scdaemon $ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)
Mon, Dec 21
Yes, that worked. Thanks for the tip and sorry for the noise ;-)
I think that ... For some reason, your private key file under .gnupg/private-keys-v1.d has wrong serial number.
Thank you for your testing.
May I ask more test, please?
Sun, Dec 20
Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.
Fri, Dec 18
Yes, makes sense. Although, you should use datalen = indatalen; in the last line (to prevent typos in the numbers).
Dec 18 2020
IIUC, for completeness, it would be good to add the lines like:
Dec 17 2020
Dec 16 2020
Nice, I gonna apply the patch and see if resolves for me!
Dec 11 2020
Reading the code again, I think that some configuration of NKS card doesn't work well, when it has no certificates but keys (e.g. IDLM config).
I'm going to fix do_readkey as well (the approach #1).
Dec 10 2020
With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:
2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: interrupt callback 0 (2) 2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: NotifySlotChange: 02 2020-12-10 11:23:05 scdaemon[7254] DBG: ccid-driver: CCID: card removed 2020-12-10 11:23:05 scdaemon[7254] DBG: enter: apdu_get_status: slot=0 hang=0 2020-12-10 11:23:05 scdaemon[7254] DBG: leave: apdu_get_status => sw=0x1000c status=0 2020-12-10 11:23:05 scdaemon[7254] DBG: Removal of a card: 0
Thanks a lot for your time to locate the problem. I took the approach of #2.
Dec 9 2020
This works now. Thanks.
I'm not sure why I thought that it would work now. With current master I get
$ gpg-connect-agent "SCD READKEY --info-only -- 39400430E38BB96F105B740A7119FE113578B59D" /bye ERR 100663414 Invalid ID <SCD>
I checked the development log for the addition of:
libusb_clear_halt (handle->idev, handle->ep_intr);
I have another yubikey neo but its clean. Can it help it?
Dec 8 2020
Changing modes will I lose/change my OTP and FIDO codes?
Following device (a bit older than yours, I guess) works well:
DBG: ccid-driver: idVendor: 1050 idProduct: 0112 bcdDevice: 0334
When I configure it to OTP+FIDO+CCID, it also works for me, it is:
DBG: ccid-driver: idVendor: 1050 idProduct: 0116 bcdDevice: 0334
Thanks a lot.
Let me explain the situation.
Dec 7 2020
Hi, I changed the PIN, killed the gpg-agent and scdaemon, edited the scdaemon.conf to include your instruction, after, I run the following commands:
Thank you for the information.
In the log, the driver detects removal of card wrongly.
That's the cause of this problem.