Two events are raised when inserting one Yubikey device.

Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers

Apache License 2.0

96 stars 48 forks source link

Two events are raised when inserting one Yubikey device. #20

Closed DSBloom closed 1 year ago

DSBloom commented 1 year ago

When I insert a Yubikey device I get two events being raised. The first one contains the device I expect. And the second one is a mostly "empty" instance of IYubikeyDevice that only has the FIDO2 capability.

The page here https://docs.yubico.com/yesdk/users-manual/sdk-programming-guide/device-notifications.html says that this should not be happening, under the section One YubiKey = One Event..

Do I perhaps something mis-configured? This happens with Yubikey 4 and 5 FIPS keys.

GregDomzalski commented 1 year ago

If you see a second "mostly empty" IYubiKeyDevice, it means that for some reason the device matching failed. The way we do this is by attempting to match based on the operating system's PnP tree (this only works reliably to match the two HID devices), and then by matching based on the serial number of the YubiKey.

Is the SDK able to resolve a serial number for both of the IYubiKeyDevice instances? (You can check the SerialNumber property) Are they the same number? Or is it unavailable on one or both of those instances?

I'm surprised that both PnP and serial matching would fail, unless we had issues communicating with the key.

Just to check: are you using the latest SDK version? (1.4.0?)

DSBloom commented 1 year ago

The second device looks like this:

Yes I am using the latest SDK, version 1.4.0

GregDomzalski commented 1 year ago

Sorry - picking this back up after the long weekend.

So the empty YubiKey doesn't have a serial number. Does the other, more populated key have it present?

Is the process running as elevated?

If you ToString the YubiKeys, there should be some additional info: HasSmartCard, HasHidFido, HasHidKeyboard. What are the values for each of those on each of the IYubiKeyDevices that you get back?

DSBloom commented 1 year ago

If I hit a breakpoint in my application and run the following command in the Immediate Window YubiKeyDevice.FindAll().ToList() this is the output I get:

Count = 2
    [0]: {- Firmware Version: 5.4.2
- Serial Number: 16590660
- Form Factor: UsbAKeychain
- FIPS: True
- SKY: False
- Has SmartCard: True
- Has HID FIDO: False
- Has HID Keyboard: False
- Available USB Capabilities: Otp, FidoU2f, Ccid, Piv, Oath, Fido2
- Available NFC Capabilities: Otp, FidoU2f, Ccid, Piv, Oath, Fido2
- Enabled USB Capabilities: FidoU2f, Ccid, Piv
- Enabled NFC Capabilities: FidoU2f, Ccid, Piv
}
    [1]: {- Firmware Version: 0.0.0
- Serial Number: 
- Form Factor: Unknown
- FIPS: False
- SKY: False
- Has SmartCard: False
- Has HID FIDO: True
- Has HID Keyboard: False
- Available USB Capabilities: FidoU2f
- Available NFC Capabilities: None
- Enabled USB Capabilities: None
- Enabled NFC Capabilities: None
}

GregDomzalski commented 1 year ago

I believe this issue should now be resolved in the latest release (1.6.0). Please give that a try.

I am resolving this issue - however if you continue to encounter this even on the new version, please feel free to reopen.