Yubikey stops working in Kleopatra until reboot

Very frustrating issue here. When I boot up (Windows 10) and start Kleopatra (4.0.3), Kleopatra recognizes my Yubikey under Smart Cards, and it works for ssh authentication. After some period of time (hours to days), the Yubikey will disappear from Kleopatra and will not work. When this happens I have tried:

  • hitting F5 in smart cards
  • choosing Update Card Status from the context menu on the task bar
  • removing and reinserting the Yubikey into the same USB port
  • removing and reinserting the Yubikey into a different USB port
  • shutting down and restarting Kleopatra

None of the above works. The only thing that does work is rebooting the entire machine.

Note that when this happens, the light on the Yubikey is still green, and if I press the button on it, I will see the random text on my screen if an input area has focus.

Are there known issues with a setup like this? Anything I can do to see what is going wrong?

Have you tried (re)starting gpg-agent?

You can do this by entering gpg-connect-agent reloadagent /bye in command prompt or PowerShell.

Just tried that. Got the string “OK” back from that command, but it didn’t seem to do anything in the Kleopatra UI. After running the command, I tried hitting F5 a bunch of times in the Smart Card section, tried removing and reinserting the Yubikey, and even tried quitting and restarting Kleopatra–still does not work.

Hi,
if the Yubikey stops working overall, it probably is a problem on the level of the crypto engine GnuPG (for which Kleopatra is just an expert frontend).

You can enable a couple of diagnostic messages in a logfile to see at least what the backend thinks about this.

Another question is: What does “does not work” mean, more concretely?
What operation are you doing? Can you try this on the command line?

Some hints are on https://wiki.gnupg.org/TroubleShooting

Regards,
Bernhard
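
The logfile diagnostics and command-line check suggested in the reply above could look like this on Windows. This is an added PowerShell example, not from the thread or the Gpg4win project; the log file name, the debug level and the default home directory under %APPDATA% are assumptions.

```powershell
# Added example: turn on scdaemon logging and test the card from the command line.
# Assumes gpg, gpgconf and gpg-connect-agent from Gpg4win are on PATH.

# GnuPG home directory: GNUPGHOME if set, otherwise the Windows default.
$gnupgHome = if ($env:GNUPGHOME) { $env:GNUPGHOME } else { Join-Path $env:APPDATA 'gnupg' }
$conf = Join-Path $gnupgHome 'scdaemon.conf'
$log  = Join-Path $gnupgHome 'scdaemon.log'   # file name chosen for this example

# Add the logging options only if they are not already present.
$wanted  = @("log-file $log", 'debug-level guru', 'verbose')
$have    = if (Test-Path $conf) { Get-Content $conf } else { @() }
$missing = $wanted | Where-Object { $have -notcontains $_ }
if ($missing) { Add-Content -Path $conf -Value $missing }

# Stop the smart card daemon so it rereads its configuration;
# gpg-agent starts it again on the next card request.
& gpgconf --kill scdaemon

# Ask the daemon for the card directly, then go through gpg,
# to see which layer stops answering.
& gpg-connect-agent 'scd serialno' /bye
& gpg --card-status
"gpg --card-status exit code: $LASTEXITCODE"

# Show the most recent daemon messages for the report.
if (Test-Path $log) { Get-Content $log -Tail 40 }
```

Running it once while the card works and once after it has disappeared gives two logs to compare. Remove the three added lines from scdaemon.conf afterwards, since the guru level logs a great deal.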

For some recent Yubikeys we also have a regression in the last version. While this does not really sound like the issue here, it might be related: https://dev.gnupg.org/T6070. This made it into 4.0.3 as we had to push a release because of the CVE. It might be worthwhile to try whether 4.0.2 still works until we release 4.0.4 with a fix for T6070.

Thanks for these pointers. I will read the TroubleShooting page and report back.

Regarding “does not work”: my main use case for using Kleopatra with the Yubikey is to use my PGP key for authentication over SSH. From a fresh reboot, this works, and I can see the details of the Yubikey in the “Smartcards” section of Kleopatra. After some amount of time, the details of the Yubikey disappear from “Smartcards” and the key no longer works for authentication over SSH.

I agree with you that the problem sounds like something under the hood and is likely not Kleopatra-specific.

Yes, the Yubikey I am using here is the NEO, so not new. It is good to know about this issue, though, since I also have some YubiKey 5s that I will transition to sometime in the future.

Same problem with my Yubikey 5 NFC and Yubikey 5C NFC. It seems that Kleopatra detects the Yubikey only as PIV standard and not also as an OpenPGP smartcard, which is why Kleopatra itself does not detect the saved OpenPGP keys well. Someone solved it by deactivating the PIV module via Yubico Manager; I tried, but then it doesn’t read the Yubico as an OpenPGP smartcard. It must be looked at, because in my opinion it cannot read both modules, PIV and OpenPGP.

Hi Giovanni,
this is probably a general problem with the crypto engine.

You could try to replace the GnuPG with older versions to see if Andre’s analysis is good.
Note that the old GnuPG Windows builds should not be used for production anymore.

If the forum here cannot help, you could go to the general GnuPG mailing lists (-users, -dev):
https://gnupg.org/documentation/mailing-lists.html

Regards
Bernhard

My problem is this:

https://dev.gnupg.org/T6070

When is the release of version 4.0.4 of Gpg4win?

Usually the next GnuPG version is released earlier, so look out for GnuPG 2.3.8 and use the simple Windows installer over Gpg4win 4.0.3.

See https://wiki.gnupg.org/Gpg4win/Roadmap (no specific date known, I guess within a month or two.)

Do you have a direct url where to find version 2.3.8 in exe?

2.3.8 is not yet released, but if it is, you’ll get the simple installer linked from https://gnupg.org/download/index.html

That’s why I await the release of version 4.0.4, which should bring GnuPG 2.3.8. At the moment Yubikey 5 NFC are unusable as OpenPGP if the problem is not solved.