Questions tagged [yubikey]
The yubikey tag has no usage guidance.
49
questions
16
votes
3
answers
3k
views
Set Default Security Key Settings (Windows 11)
As of the latest Windows Insider Build (Dev Channel), 23541.1000 ni_prerelease, the following appears when Windows is prompted for security key input:
Whereas before this update, it was only Security ...
- 405
6
votes
1
answer
2k
views
Is it possible to use macOS 'Keychain' + 'TouchID' for pinentry-program?
Is there some way of configuring pinentry-mac, which I currently use to enter the passphrase for my OpenPGP card (a Yubikey), or a different program that'll store the passphrase in the macOS 'Keychain'...
- 621
6
votes
2
answers
20k
views
How to setup SSH/PuTTY to use Yubikey OpenPGP authentication?
I would like to use YubiKey's OpenPGP interface to authenticate myself against my OpenSSH server on Windows 10:
I created the keys according to this:
gpg --card-status
Reader ...........: Yubico ...
- 446
5
votes
1
answer
5k
views
Scdaemon won't detect Yubikey on Windows 10
This has recently started after I updated to Windows 10 1803 (x64). I have updated Gpg4Win to the latest version (3.1.2), but this has not fixed anything.
I have tried the following:
Remove the ...
- 353
4
votes
2
answers
4k
views
Unable to get yubikey neo u2f working in Linux inside of VMWare Workstation
I am unable to get my YubiKey Neo U2F working in VMWare Workstation Pro 12.5. Testing it against Yubico's test site or against Akisec's test site both fail in the guest operating system (running ...
- 8,716
4
votes
1
answer
916
views
How to use PIV smartcards (YubiKey 4) to sign application binaries?
I am about to start using my YubiKey 4 (RSA 2048 bit key) for signing application binaries. There a quite a few tutorials about how to setup this. It seems that most tutorials based on the original ...
- 446
4
votes
1
answer
1k
views
yubikey/gpg-agent always asking for my PIN when running git commit
recently, git has been asking me for my yubikey pin every 3 or 4 times after i've already typed in my pin. this didn't use to happen before. i'm thinking maybe the card isn't getting read correctly or ...
- 41
3
votes
1
answer
2k
views
Which pam module is used for gnome admin password requests?
I have added the yubikey pam module to my sudo pam config, and I like the results—no one can get superuser access through sudo or su without a yubikey.
Setting aside the fact that this is possibly ...
- 133
3
votes
2
answers
2k
views
Yubikey ssh authentication fails with "signing failed for ECDSA-SK"
I have a Yubikey (Security Key NFC by Yubico) that I'm trying to set up on a Linux machine for SSH authentication in Discoverable keys mode. I've followed this tutorial and created the keys with
ssh-...
- 63
3
votes
1
answer
4k
views
SSH server asking for password, but PasswordAuthentication is disabled
what you will see is the current state of a problem I am trying to solve.
I restarted sshd before filling the body this question.
What I am trying to do:
I need to use ssh keys with a yubikey ...
- 91
3
votes
2
answers
4k
views
How to disable OpenSC YubiKey password prompt in Firefox
I have a YubiKey nano plugged into a 2019 MacBook Pro.
When I visit some websites (one public example being Gmail), Firefox brings up a password dialog prompting me to enter the YubiKey password. ...
- 241
2
votes
1
answer
63
views
Windows 11 2FA prompt opens a console instead of a GUI window
Some time ago, I started using FIDO2 keys (Yubikey 5 NFC, to be precise) as a form of second-factor authentication on a few sites that support it.
However, after some change in my system, most likely ...
- 421
2
votes
1
answer
265
views
Can a website detect if the same physical FIDO key is used for multiple accounts?
If I have an account, say with google, and only use that account from location A, using device A, and another google account only used with device B in location B, if I used the same 2fa FIDO key for ...
- 21
2
votes
2
answers
2k
views
YubiKey 5C is not recognized via a docking station
I have a new YubiKey 5C NFC which, when plugged directly in my laptop, works fine. However, when I plug it into my docking station it doesn't work at all.
OS: Linux Mint 20.1
Kernel: 5.4.0-77-generic ...
- 103
2
votes
0
answers
368
views
ssh-add -s Win10
I am unable to add my card using ssh-add -s on Windows 10, ssh-agent is running. Getting below error: C:\Program Files\Yubico\Yubico PIV Tool\bin>ssh-add -s libykcs11.dll
Enter passphrase for PKCS#...
- 21
2
votes
0
answers
2k
views
Bitlocker Full Drive Encryption with YubiKey
I'd like to secure the hard discs of a new Windows 10 (Pro/Enterprise) PC with BitLocker full disc encryptuon using hardware tokens and PIN (real 2FA).
How can I set up a YubiKey so I can use it as ...
- 2,124
2
votes
0
answers
1k
views
Why can't I add an elliptic curve certificate (smartcard, Yubikey, piv) as protector to a BitLocker protected partition?
Yubikey as SmartCard
I have been using a SmartCard (Yubikey 4, PIV interface) with RSA certificate to unlock BitLocker protected drives. The certificates are self-signed and generated by the Encrypted ...
- 552
2
votes
1
answer
2k
views
Yubikey with Kleopatra on Windows 10
I have a Yubikey 4C Nano that I use with Linux and MacOS without issue. Recently, I installed a version of Windows on my macbook pro that allows me to dual-boot (so I can run the windows version of ...
- 391
1
vote
2
answers
2k
views
Unable to use Windows OpenSSH agent with GPG Agent and Yubikey
I have a Yubikey which has ed25519 certificates loaded onto it. One of these is an authentication certificate. I'm able to export the sha has of this by running gpg --export-ssh-key {key_id}, and ...
- 318
1
vote
1
answer
706
views
How does the Key generation for Yubikeys/FIDO2 keys work if you can generate an infinitive amount
I'm asking myself how they have done it, or if anyone could explain it to me.
I have found this source where it is described, but I don't quiet get it.
For my understanding, it is not storing the ...
- 41
1
vote
1
answer
445
views
How can I use a U2F hardware authenticator to unlock a SSH key in a computer I am SSH'd into?
I have a number of computers on which I've generated a ed25519-sk SSH key all using the same U2F hardware authenticator (yubikey 5C NFC). I'm now in a situation involving three computers: X, Y, and Z. ...
- 123
1
vote
1
answer
482
views
What is the cryptographic relationship between an ssh key and my Yubikey?
I am curious what is the cryptographic relationship between the generated ssh private (and public) key when I use my Yubikey to add an extra layer of protection.
Does ssh-keygen write anything into ...
- 132
1
vote
1
answer
799
views
GPG periodically loses connection to yubikey on monterey
The connection between gpg and my yubikey appears to periodically fail. Decryption attempts are met with the pinentry-mac dialog "please insert card with serial number X".
gpg --card-status -...
rueberger
1
vote
1
answer
800
views
Preventing Win 10 from automatically installing certificates from smart cards
A short background on the issue. I have a Yubikey 5 with PIV containing 3 personal certificates. One of the certificates is also installed locally on my Win 10 machine. All the certificates contain ...
- 125
1
vote
1
answer
55
views
Yubikey FIPS Approved Mode
I'm having issues getting my Yubikey FIPS version to unlock and exit the FIPS approved mode.
You can see below that I first put the yubikey into fips mode by setting an admin pin. Then, I ...
- 21
1
vote
1
answer
2k
views
Yubikey 4 not working (Linux & Windows)
I received a Yubikey 4 a few days ago. I got it along a special WIRED Magazine offer. The problem with the key is, that it is not recognized neither by Windows 10, nor by Linux (Mint 18).
Linux
When ...
- 335
1
vote
1
answer
58
views
store onion address inside yubikey
I would like to be able to save an onion (v3) address, without the final string .onion inside a yubikey safely.
I want the yubikey that provide this address in plain text at the touch event.
I have ...
- 11
1
vote
0
answers
64
views
YubiKey Authenticator App doesn't recognize YubiKey after unlocking the card via PinEntry
I've got a pretty basic password/OTP set up on macOS:
my YubiKey has the sig/aut/enc subkeys to encrypt/decrypt my passwords in the password store
my OTPs are solely on my YubiKey - I use the Yubikey ...
- 111
1
vote
0
answers
773
views
Error when register Yubikey Bio with website
I am having an issue registering a yubikey bio with a website. I have managed to register a Yubikey 5 series with the website without issue however when I try with the Yubikey bio I get an error like ...
- 183
1
vote
0
answers
400
views
Best strategy after losing GPG/PGP key passphrase (but still access to YubiKey)
When I got my first YubiKey several years ago, I created a new GPG key specifically for it. After uploading the private key to the YubiKey (keytocard), I also stored an armored copy of the private key ...
- 1,112
1
vote
1
answer
4k
views
gpg: decryption failed: No secret key
First, I spent an hour trying answers with similar titles so please read this through before flagging this question as a duplicate.
I use a YubiKey to store my PGP private key using its smart card ...
- 1,010
1
vote
1
answer
670
views
Programmatically unlock PIV slot 9a with OpenSC for another application
I'm using a Yubikey 4 with a certificate loaded in PIV slot 9a (PIV Authentication; OpenSC slot 0).
Inside Firefox 64, I am using the OpenSC PKCS#11 driver.
What I want to accomplish is to "unlock" ...
- 53
1
vote
0
answers
66
views
GPG should fail silently when external card is not inserted, instead of asking over and over
I'm running Linux.
I have a Yubikey 4, where my GPG subkeys are stored. On the computer, gpg-agent transparently uses these keys.
The problem is when I don't have my Yubikey inserted. If anything ...
- 2,082
0
votes
1
answer
2k
views
SSH Using YubiKey 5 and ED25519 Algorithm
I am starting to use a YubiKey 5 to ssh into remote boxes instead of using a software key. I am generating the keys using this command:
ssh-keygen -t ed25519-sk
This works when I ssh into Ubuntu, but ...
- 103
0
votes
1
answer
650
views
Signing a message with a SmartCard / Yubikey
So I've gone through a pretty bog-standard GPG-key-setup process, and then used addtokey to move said keys onto a Yubikey 4.
Now, on a fresh setup, I want to try and use those keys, to sign something....
- 2,525
0
votes
1
answer
460
views
Mac GPG can't generate smartcard keys
Mac OS X Catalina 10.15.7, Homebrew GPG 2.2.23, brand new Yubikey 5C Nano, homebrew pinentry-mac 0.9.4
% gpg --card-edit
Reader ...........: Yubico YubiKey OTP FIDO CCID
Application ID ...: ...
- 101
0
votes
1
answer
485
views
How do I get Windows applications to recognize my YubiKey?
I have successfully used my YubiKey to get my Chrome and Firefox browsers to get my 2-step verification to work with my Google account.
Unfortunately, I have a few Windows applications which I cannot ...
- 101
0
votes
1
answer
3k
views
Sharing Yubikey between host and VMWare
I have a Yubikey 4 working on my Win10 host machine, but also want to use in my VMWare Workstation 12 Win7 session.
At first, connecting to the shared Yubico device failed, because Windows could not ...
- 4,247
0
votes
0
answers
27
views
Login to Windows using the Yubico Security Key C NFC
Is there a way to use the Security Key C NFC (not to confuse with other yubico keys) to login on windows? Yubico states that it is not possible. My many onlineservices are compatible with my key and ...
0
votes
0
answers
32
views
Windows YubiKey GPG works with putty but not terminal
I created three gpg subkeys stored on my YubiKey as described here. I added enable-ssh-support and enable-putty-support to my gpg-agent.conf file. Everything works when accessing a server with the ssh-...
Marvin34565
0
votes
0
answers
33
views
Cannot setup pam_oath with Yubikey: OTP not authorized to login as user
So, what I want is to login to system with Yubikey as a second factor or the only factor.
I use Linux Mint 21.3, my Yubikey is 5C NFC.
My /etc/pam.d/common-auth:
auth [success=1 default=ignore] ...
0
votes
0
answers
91
views
No passkey icon option on Windows 10
I am trying to enable passkey login on Windows 10 devices.
I have enabled UseSecurityKeyForSignin and EnableFIDODeviceLogon as well as enabled WHfB in gpedit.msc According to RSOP, passkey login is ...
- 1
0
votes
1
answer
2k
views
YubiKey not working (device not found) in WSL while it works perfect under Windows directly
I use Yubikey to connect to multiple servers. I am doing this under windows and this works perfectly fine with my sshconfig in the .ssh directory.
Now I have a case where I need to run some things ...
- 1
0
votes
0
answers
361
views
YubiKey changed identity
I unplugged my YubiKey und plugged it in a while later. When I try to login on websites using the hardware key I now get a popup from Chrome stating "the security key doesn't look familiar".
...
- 185
0
votes
1
answer
4k
views
Why YubiKey (USB key) needs administrator rights (or any other device)
Some time after a clean install of Windows 10 or 11 and using Yubico keys (USB keys), they need administrator rights to programs to detect it.
It happens randomly, or I don't remember / can't imagine ...
- 101
0
votes
0
answers
72
views
Are there solutions to boot to a hidden OS only when special usb key is present?
My laptop was stolen recently.
Unfortunately I did not take the time to install a honeypot on it.
With my new laptop I am thinking about installing a honeypot OS and a hidden OS that I will use for my ...
0
votes
0
answers
150
views
Strong encryption for a local file (PGP)
Just a quick disclaimer: I initially posted this question to Crypto site but was told it was too specific for that site.
I am looking for a safe method to encrypt a local file on my machine. Let's ...
- 125
0
votes
1
answer
310
views
make .ssh/id_rsa read key from yubikey
I have my ssh keys within a yubikey, I use gpg-agent.conf with something like this:
pinentry-program /usr/local/bin/pinentry-mac
enable-ssh-support
default-cache-ttl 60
max-cache-ttl 120
This helps ...
- 313
-1
votes
1
answer
919
views
Using ssh key on Yubikey on Sourcetree program
I can not make sourcetree work with the ssh key that i have in my yubikey.
Does anybody know how can i fix it?
Thank you.
P.D: I have tried different recommendations that i found on the internet, ...
- 11