[Bug 1202201] New: gpg2 2.3.7-1.1 doesn't properly detect Yubikey OpenPGP keys
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 Bug ID: 1202201 Summary: gpg2 2.3.7-1.1 doesn't properly detect Yubikey OpenPGP keys Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: db@mail25.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After updating gpg2 from 2.3.6-2.2 to 2.3.7-1.1 Yubikey OpenPGP keys aren't properly detected anymore. I use it for SSH and this happens on 3 similar machines running Tumbleweed with the latest snapshot (20220805) and with 2 identical Yubikeys. The only configuration that I set is:
# cat ~/.gnupg/gpg-agent.conf enable-ssh-support default-cache-ttl 600 max-cache-ttl 7200
---gpg2-2.3.7-1.1--- --after plugging in the Yubikey--
# sudo journalctl -f rugp. 07 21:53:33 pc kernel: usb 1-4: new full-speed USB device number 4 using xhci_hcd rugp. 07 21:53:33 pc kernel: usb 1-4: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.43 rugp. 07 21:53:33 pc kernel: usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 rugp. 07 21:53:33 pc kernel: usb 1-4: Product: YubiKey OTP+FIDO+CCID rugp. 07 21:53:33 pc kernel: usb 1-4: Manufacturer: Yubico rugp. 07 21:53:33 pc kernel: input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4/1-4:1.0/0003:1050:0407.0009/input/input28 rugp. 07 21:53:33 pc kernel: hid-generic 0003:1050:0407.0009: input,hidraw3: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:03:00.0-4/input0 rugp. 07 21:53:33 pc kernel: hid-generic 0003:1050:0407.000A: hiddev97,hidraw4: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:03:00.0-4/input1 rugp. 07 21:53:33 pc mtp-probe[7041]: checking bus 1, device 4: "/sys/devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4" rugp. 07 21:53:34 pc mtp-probe[7041]: bus: 1, device: 4 was not an MTP device rugp. 07 21:53:34 pc systemd[2023]: Reached target Smart Card. rugp. 07 21:53:34 pc mtp-probe[7069]: checking bus 1, device 4: "/sys/devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4" rugp. 07 21:53:34 pc mtp-probe[7069]: bus: 1, device: 4 was not an MTP device
# ssh-add -l The agent has no identities.
# gpg --card-status Reader ...........: 1050:0407:X:0 Application ID ...: D2760001240100000006137939780000 Application type .: OpenPGP Version ..........: 1.0 Manufacturer .....: ? Serial number ....: 13793978 Name of cardholder: [not set] Language prefs ...: [not set] Salutation .......: URL of public key : [not set] Login data .......: [not set] Signature PIN ....: not forced Max. PIN lengths .: -1 -2 0 PIN retry counter : 0 0 0 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none]
---gpg2-2.3.6-2.2--- --after installing gpg2-2.3.6 (https://download.opensuse.org/history/20220802/tumbleweed/repo/oss/x86_64/gp...), rebooting and inserting the Yubikey--
# sudo journalctl -f rugp. 07 22:03:11 pc kernel: usb 1-4: new full-speed USB device number 3 using xhci_hcd rugp. 07 22:03:11 pc kernel: usb 1-4: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.43 rugp. 07 22:03:11 pc kernel: usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 rugp. 07 22:03:11 pc kernel: usb 1-4: Product: YubiKey OTP+FIDO+CCID rugp. 07 22:03:11 pc kernel: usb 1-4: Manufacturer: Yubico rugp. 07 22:03:11 pc kernel: input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4/1-4:1.0/0003:1050:0407.0007/input/input27 rugp. 07 22:03:11 pc kernel: hid-generic 0003:1050:0407.0007: input,hidraw6: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:03:00.0-4/input0 rugp. 07 22:03:11 pc kernel: hid-generic 0003:1050:0407.0008: hiddev99,hidraw7: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:03:00.0-4/input1 rugp. 07 22:03:11 pc mtp-probe[4432]: checking bus 1, device 3: "/sys/devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4" rugp. 07 22:03:11 pc mtp-probe[4432]: bus: 1, device: 3 was not an MTP device rugp. 07 22:03:11 pc systemd[1]: Reached target Smart Card. rugp. 07 22:03:11 pc systemd[2002]: Reached target Smart Card. rugp. 07 22:03:11 pc mtp-probe[4445]: checking bus 1, device 3: "/sys/devices/pci0000:00/0000:00:01.3/0000:03:00.0/usb1/1-4" rugp. 07 22:03:11 pc mtp-probe[4445]: bus: 1, device: 3 was not an MTP device
# ssh-add -l 256 SHA256:**REDACTED** cardno:13 793 978 (ED25519)
# gpg --card-status Reader ...........: 1050:0407:X:0 Application ID ...: D2760001240100000006137939780000 Application type .: OpenPGP Version ..........: 3.4 Manufacturer .....: Yubico Serial number ....: 13793978 Name of cardholder: [not set] Language prefs ...: [not set] Salutation .......: URL of public key : [not set] Login data .......: [not set] Signature PIN ....: not forced Key attributes ...: ed25519 cv25519 ed25519 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 0 3 Signature counter : 4 KDF setting ......: off UIF setting ......: Sign=off Decrypt=off Auth=off Signature key ....: **REDACTED** created ....: 2022-05-23 17:27:13 Encryption key....: **REDACTED** created ....: 2022-05-23 17:27:13 Authentication key: **REDACTED** created ....: 2022-05-23 17:27:13 General key info..: [none]
-- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Andreas.Stieger@gmx.de Assignee|screening-team-bugs@suse.de |pmonrealgonzalez@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 http://bugzilla.opensuse.org/show_bug.cgi?id=1202201#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |db@mail25.net Flags| |needinfo?(db@mail25.net) --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> --- David - this one? https://dev.gnupg.org/T6070 -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 http://bugzilla.opensuse.org/show_bug.cgi?id=1202201#c2 David B <db@mail25.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(db@mail25.net) | --- Comment #2 from David B <db@mail25.net> --- (In reply to Andreas Stieger from comment #1)
David - this one? https://dev.gnupg.org/T6070
I've got YubiKey 5 Nano running firmware 5.4.3 so it seems that's the issue. As I understand the fix will be released upstream with 2.3.8 and we need to wait or someone has to backport it? -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 http://bugzilla.opensuse.org/show_bug.cgi?id=1202201#c3 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS CC| |pmonrealgonzalez@suse.com Assignee|pmonrealgonzalez@suse.com |Andreas.Stieger@gmx.de --- Comment #3 from Andreas Stieger <Andreas.Stieger@gmx.de> --- See https://build.opensuse.org/request/show/993834 https://software.opensuse.org//download.html?project=security%3Aprivacy&package=gpg2 A report back would be appreciated. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 http://bugzilla.opensuse.org/show_bug.cgi?id=1202201#c4 --- Comment #4 from David B <db@mail25.net> --- (In reply to Andreas Stieger from comment #3)
See https://build.opensuse.org/request/show/993834 https://software.opensuse.org//download. html?project=security%3Aprivacy&package=gpg2 A report back would be appreciated.
Can confirm gpg2-2.3.7-297.1 fixes the issue. Thank you. -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1202201 http://bugzilla.opensuse.org/show_bug.cgi?id=1202201#c5 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> --- Thanks for verifying. That package or 2.3.8 to come to a Tumbleweed near you soon. Closing. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com