Yubikey 5 NFC not working with yubioath-desktop, py-yubikey-manager and py-yubikey-manage-qt

maurizio

Member

Reaction score: 2
Messages: 34

Hello all,
my yubikey 5 NFC is not detected by security/ypy-yubikey-manager (CLI) and security/yubikey-manager-qt (GUI) on my FreeBSD 12.1.
ykman-gui and ykman list does not detect my yubikey!
Code:
$ ykman list
Usage: ykman list [OPTIONS]
Try "ykman list -h" for help

Error: Failed to establish CCID context. Is the pcscd service running?

My YubiKey 5 NFC is not recognized by security/yubioath-desktop (yubykey authenticator) too.
I read "Connecting to Yubikey..." on the yubykey authenticator window when my yubikey 5 NFC to USB port is connected to USB port. I read "No YubiKey detected" when is NOT connected.
Maybe because yubioath-desktop is not updated to at least version 5.0.3.
Code:
Version 5.0.3 (released 2020-04-14)
    macOS: Make the app available in the macOS App Store
    Windows: Make the app available in the Microsoft Store (for Windows 10 20.04 and higher)
    Linux: Make the app available in the Snap Store
    Add support for YubiKey 5C NFC
    Bugfix: Make sure the application is always visible on Windows

I get right output using ykinfo -s -m -H -v -t -p and gpg --card-status. It seems my yubikey is correctly recognized by FreeBSD but not by py-yubikey-manager-qt and yubioath-desktop
Code:
$ dmesg
ugen2.2: <Yubico YubiKey OTP+FIDO+CCID> at usbus2
ukbd2 on uhub2
ukbd2: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 2> on usbus2

What is wrong?
 

inaley

New Member

Reaction score: 4
Messages: 14

It seems you need to set pcscd to run.

In order to keep pcscd run on start, # sysrc pcscd_enable=yes should do the trick (you would need to reload rc.conf by simply rebooting). I have encountered the issue, and confirmed it worked.

Hope this helps!
 

iandstanley

New Member


Messages: 3

I have the same problem with my laptop running FreeBSD 13.0

Laptop has been rebooted a number of times since I installed all of this.


WORKING
  • ykinfo
  • U2F with firefox
  • OTP with firefox
  • yubikey piv tool
  • gpg with key stored on the Yubikey 5 card feature
  • everything works on my debian 10 desktop

FAILING
  • yubioath-desktop
  • ykman
  • ykman gui (3.7)
  • FIDO2 with firefox (U2F works though) with my Yubikey 5nfc

pcscd up and running

installed, running and sysrc enabled;

log output

------
pcscd is running

when i run pcsc_scan I get the following as I insert my yubikey5
`
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader... ^found one
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID 00 00

Wed Jun 9 00:52:37 2021
Reader 0: Yubico YubiKey OTP+FIDO+CCID 00 00
Event number: 0
Card state: Card inserted,
ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40

ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
+ TS = 3B --> Direct Convention
+ T0 = FD, Y(1): 1111, K: 13 (historical bytes)
TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 80 73 C0 21 C0 57 59 75 62 69 4B 65 79
Category indicator byte: 80 (compact TLV data object)
Tag: 7, len: 3 (card capabilities)
Selection methods: C0
- DF selection by full DF name
- DF selection by partial DF name
Data coding byte: 21
- Behaviour of write functions: proprietary
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: C0
- Command chaining
- Extended Lc and Le fields
- Logical channel number assignment: No logical channel
- Maximum number of logical channels: 1
Tag: 5, len: 7 (card issuer's data)
Card issuer data: 59 75 62 69 4B 65 79
+ TCK = 40 (correct checksum)

Possibly identified card (using /usr/local/share/pcsc/smartcard_list.txt):
3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
Yubico YubiKey 5 NFC (PKI)
https://www.yubico.com/product/yubikey-5-nfc
`

DMESG

dmesg spits out the following:

`
ugen0.7: <Yubico YubiKey OTP+FIDO+CCID> at usbus0
ukbd0 on uhub0
ukbd0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 28> on usbus0
kbd2 at ukbd0
uhid0 on uhub0
uhid0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 28> on usbus0
`
 
Top