T4702 is our release info task for 2.3.0
@gniibe Hi! Can you estimate, when this feature will be released?
Mon, Jan 11
Lowered priority because in reality it is not possible to get a certificate for an arbitrary SigG key on the card. Only accredited CAs may issue certs and they want to keep full control over the key generation.
Fri, Jan 8
Thu, Jan 7
do_sign() calls find_fid_by_keyref() which does a switch_application(). So, I think the SigG application should already be active. But, yes, please have a look at it.
We need to switch to the SigG application. Shall I look at it?
Wed, Jan 6
Tue, Jan 5
It seems you have a pretty good understanding and also test cases at hand. May I ask you to apply the suggested pacthes to master?
Dec 25 2020
Dec 23 2020
Already have set another, thanks gnibe! See ya!
Please change your passphrase for your card, BTW.
Good. The error recovery worked well.
Dec 22 2020
$ gpg --card-status $ gpgconf --kill scdaemon $ git fetch << (Used my PIN, I have reverted to my previous code other day, is not anymore 123456)
Dec 21 2020
Yes, that worked. Thanks for the tip and sorry for the noise ;-)
I think that ... For some reason, your private key file under .gnupg/private-keys-v1.d has wrong serial number.
Thank you for your testing.
May I ask more test, please?
Dec 20 2020
Hi, I have applied both patch and appears Yubikey is now working correct. I have uploaded the log here.
Dec 18 2020
Yes, makes sense. Although, you should use datalen = indatalen; in the last line (to prevent typos in the numbers).
IIUC, for completeness, it would be good to add the lines like:
Dec 17 2020
Dec 16 2020
Nice, I gonna apply the patch and see if resolves for me!
Dec 11 2020
Reading the code again, I think that some configuration of NKS card doesn't work well, when it has no certificates but keys (e.g. IDLM config).
I'm going to fix do_readkey as well (the approach #1).
Dec 10 2020
With my Yubikey NEO, when I use OTP (touching the button to generate OTP output as key input), I observed "card eject" event:
2020-12-10 11:23:05 scdaemon DBG: ccid-driver: CCID: interrupt callback 0 (2) 2020-12-10 11:23:05 scdaemon DBG: ccid-driver: CCID: NotifySlotChange: 02 2020-12-10 11:23:05 scdaemon DBG: ccid-driver: CCID: card removed 2020-12-10 11:23:05 scdaemon DBG: enter: apdu_get_status: slot=0 hang=0 2020-12-10 11:23:05 scdaemon DBG: leave: apdu_get_status => sw=0x1000c status=0 2020-12-10 11:23:05 scdaemon DBG: Removal of a card: 0
Thanks a lot for your time to locate the problem. I took the approach of #2.
Dec 9 2020
This works now. Thanks.
I'm not sure why I thought that it would work now. With current master I get
$ gpg-connect-agent "SCD READKEY --info-only -- 39400430E38BB96F105B740A7119FE113578B59D" /bye ERR 100663414 Invalid ID <SCD>
I checked the development log for the addition of:
libusb_clear_halt (handle->idev, handle->ep_intr);
I have another yubikey neo but its clean. Can it help it?
Dec 8 2020
Changing modes will I lose/change my OTP and FIDO codes?
Following device (a bit older than yours, I guess) works well:
DBG: ccid-driver: idVendor: 1050 idProduct: 0112 bcdDevice: 0334
When I configure it to OTP+FIDO+CCID, it also works for me, it is:
DBG: ccid-driver: idVendor: 1050 idProduct: 0116 bcdDevice: 0334