OS X - 10.9 Maveriks; Personalization Tool presents error when a YubiKey is plugged in.

[Yubi-David]

When running the Personalization tool on OS X 10.9 - Mavericks, it is not able to program any YubiKey plugged into the host Machine. In the upper right corner, where the tool displays if a YubiKey is inserted, it is instead reporting and error message when a YubiKey is plugged in.

[klali]

Unable to reproduce.

What error message is it?

[Yubi-David]

Error message is "Unknown error occurred"

Link to Salesforce case reporting issue: https://eu1.salesforce.com/500D000000VrwBA

[jacobian]

The problem appears to be permissions-related. Running the tool as root works:

$ sudo /Applications/YubiKey\ Personalization\ Tool.app/Contents/MacOS/YubiKey\ Personalization\ Tool

[klali]

this is probably a library error: Yubico/yubikey-personalization#34 for me it works fine when running both 10.8 and 10.9, both standard account and admin account. @jacobian anything else permissions related on your computer? what error message do you get, just "No YubiKey inserted" or "Unknown error occurred"?

/klas

[zgiles]

I found the same problem. It worked with the sudo command above..

[johntdyer]

any update here?

[zgiles]

Still need sudo AFAIK

[johntdyer]

@zgiles - yea thats pretty clear but I am wondering the plan is to resolve it ?

[klali]

The problem with this issue has been reliably reproducing it. So if you have this error, answering these questions might help:

• What type of user account is the account running the tool? (and other circumstances around this)
• What error message is displayed?
• If you right click the Yubico logo and show diagnostics, is there an error message there?
• Get the CLI tools from http://opensource.yubico.com/yubikey-personalization/releases.html
  • Does ykinfo -a work? what's the output?

/klas

[andres-ortiz]

I'v got the same problem on mac osx 10.10

On the right i can see a red message "Unknow error occured" when my yubikey is plugged the diagnostic message is "USB Error: kIOReturnSuccess"

[n2aws]

OS: Mavericks 10.10.1 What type of user account is the account running the tool? (and other circumstances around this) Admin account What error message is displayed? See the dropbox link to 2 screenshots below. If you right click the Yubico logo and show diagnostics, is there an error message there? See the dropbox link to 2 screenshots below. Get the CLI tools from http://opensource.yubico.com/yubikey-personalization/releases.html Does ykinfo -a work? what's the output? $ ./ykinfo -a USB error: kIOReturnSuccess jpalmer-mbp:bin jpalmer$ sudo ./ykinfo -a Password: serial: 3036758 serial_hex: 2e5656 serial_modhex: dughgh version: 3.3.0 touch_level: 1285 programming_sequence: 1 slot1_status: 1 slot2_status: 0 vendor_id: 1050 product_id: 116

[n2aws]

The dropbox link: https://www.dropbox.com/sh/olbye1phuy11cq6/AAAIJeA6axMCnBYAGApZZsCRa?dl=0

[gavinsimpson]

I have the same problem on Linux (Fedora 22 using the binaries from Fedora's pkg repo). If I run yubikey-personalization-gui as a normal user I see "Unknown error occurred" in red in the top right. All the details of the inserted Yubikey etc that should be located in the right-hand-side panel is all shown as N/A.

Right clicking on the Yubico logo and displaying detailed diagnostics shows the following log:

2015-10-03T16:05:05; App_version: 3.1.20; Lib_version: 1.17.1; QT_version: 4.8.6; OS_version: Linux; Word_size: 64
2015-10-03T16:05:06; USB Error: Access denied (insufficient permissions)
....

with repeated USB Error: Access denied (insufficient permissions) entries as the app continues to poll.

I'm unable to run the GUI as root or via sudo as the following errors occur:

$ su -c "yubikey-personalization-gui" 
Password: 
Qt: Session management error: None of the authentication protocols specified are supported
QInotifyFileSystemWatcherEngine::addPaths: inotify_add_watch failed: No such file or directory
QFileSystemWatcher: failed to add paths: /root/.config/ibus/bus
Bus::open: Can not get ibus-daemon's address. 
IBusInputContext::createInputContext: no connection to ibus-daemon 
X Error: BadAccess (attempt to access private resource denied) 10
  Extension:    130 (MIT-SHM)
  Minor opcode: 1 (X_ShmAttach)
  Resource id:  0x140
X Error: BadShmSeg (invalid shared segment parameter) 128
  Extension:    130 (MIT-SHM)
  Minor opcode: 5 (X_ShmCreatePixmap)
  Resource id:  0xd6
X Error: BadDrawable (invalid Pixmap or Window parameter) 9
  Major opcode: 62 (X_CopyArea)
  Resource id:  0x2200015
X Error: BadDrawable (invalid Pixmap or Window parameter) 9
  Major opcode: 62 (X_CopyArea)
  Resource id:  0x2200015

Running ykinfo as a normal users produces the same error about insufficient permissions:

$ ykinfo -a
USB error: Access denied (insufficient permissions)

but running the same things via sudo I get:

$ sudo ykinfo -a
serial: 2601396
serial_hex: 27b1b4
serial_modhex: dinbnf
version: 2.4.2
touch_level: 2307
programming_sequence: 3
slot1_status: 1
slot2_status: 1
vendor_id: 1050
product_id: 10

The version of the GUI I'm using is:

Installed Packages
Name        : yubikey-personalization-gui
Arch        : x86_64
Epoch       : 0
Version     : 3.1.20
Release     : 1.fc22
Size        : 1.0 M
Repo        : @System
From repo   : fedora
Summary     : GUI for Yubikey personalization
URL         : http://opensource.yubico.com/yubikey-personalization-gui/
License     : BSD
Description : Yubico's YubiKey can be re-programmed with a new AES key. This is a graphical
            : tool that makes this an easy task.

[omnidan]

Same issue here, but even running with sudo does not fix it for me (OS X 10.11):

> sudo ykinfo -a
Yubikey core error: no yubikey present

The personalization tool shows "No YubiKey inserted" when ran normally and does not run at all with sudo.

EDIT: Seems like my Yubikey isn't supposed to work with it - https://www.yubico.com/products/yubikey-hardware/fido-u2f-security-key/#toggle-id-10

[MikeWeller]

I have this problem on El Capitan. Pretty frustrating to plug in the new toy and it doesn't work with the software. Running through sudo is not ideal and isn't documented anywhere from what I could see.

edit: I originally said "Yosemite" but meant "El Capitan"

[kevinSuttle]

What @MikeWeller said.

[shawnb70]

Same issue with 10.10.5 and Yubikey neo. The command line personalization tools work fine when run with sudo, but give USB error messages as above when run as an unprivileged user.

[TomK]

New replacement keys arrived this week, but now i'm also having a problem with the personalisation tools. It shows "No YubiKey inserted". Although this time I am able to use the key (on Github and Google) with the default configuration. I've been unable to launch as root however, so can't confirm that.

[SueHeim]

Hi @TomK, Are the new replacement keys you received related to the GitHub replacement keys? If so, those are U2F-only keys and cannot be configured. Meaning, they will not be recognized by the YubiKey Personalization Tool (see https://www.yubico.com/faq/why-doesnt-the-yubikey-personalization-tool-recognize-my-security-key/). The Security Key can be used with GitHub and Gmail (as you've seen) as well as Dropbox, and any other service that uses the U2F protocol.

Does that help with your issue? If not, please ignore me...

[TomK]

@SueHeim Thank you, that resolves my problem. The previous "broken(?)" keys were configurable with the personalization tool, so I wrongly assumed these new ones would be too. My mistake. They work fine as U2F keys. Thanks!

[SueHeim]

@TomK, glad to help you with your issue! Note that we are still offering a 20% discount on all YubiKeys for GitHub users. Just go to our store (https://www.yubico.com/store/) and sign in with your GitHub account. You can buy keys that can be configured, and that are also U2F (both the YubiKey NEO and YubiKey Edge are U2F-certified).

[voidzero]

Meh. The "unknown error occurred" should be replaced by an error that makes more sense. In this case, it's a known error: "permission denied".

Secondly such a problem can be mitigated properly by using an udev ruleset. Is any such ruleset available from somewhere? The sudo recommendation is a poor workaround. The Yubikey is to enhance security. Another good security practice is "don't get used to using sudo."

Yubico, C'mon. Fix this properly, please.

[klali]

@voidzero this issue is about problems on OS X. For linux udev rules are included with the library package yubikey-personalization that is a dependency of this software and should be installed with it.

[voidzero]

I would still like it if the 'unknown error' could be changed to something more descriptive, but other than that you're right: what I said about Linux rules is irrelevant so I stand corrected on that. Apologies.

[gavinsimpson]

@klali Re:

this issue is about problems on OS X

Should I start a new issue for Linux as I'm seeing the same permissions issues on sveral Fedora 22 machines as I mentioned above. (And I do have ykpers [what fedora calls yubikey-personalization] installed with udev rules.)

[klali]

@gavinsimpson please do. if the ykpersonalize tool fails as well please open the issue on https://github.com/Yubico/yubikey-personalization instead.

[scottpineapple]

Same error here of "2015-12-18T18:25:31; USB Error: kIOReturnSuccess"

Running Mac OS X 10.11.

sudo ykinfo -a shows: "... version: 4.1.10 touch_level: 527 programming_sequence: 3 slot1_status: 1 slot2_status: 1 vendor_id: 1050 product_id: 403"

Running tool as sudo does not resolve issue. :(

[ocsi01]

Same like @scottyknows

Touching the yubikey gives me the OTP string.

sudo ./ykinfo -a serial: xxxxxxxx serial_hex: xxxxx serial_modhex: xxxx version: 2.5.1 touch_level: 1793 programming_sequence: 1 slot1_status: 1 slot2_status: 0 vendor_id: 1050 product_id: 10

Personalizations tool UI and Authenticator UI on Mac is not working. ('unknown error' , "No Yubikey Found")

[RichardStyles]

I had this issue having only just got a new key.

OSX 10.11.5 Admin user account Installed Personalisation tool Installed PIV manager (requested restart as per install) After restart Personalisation tool threw the unknown error & only sudo on ykinfo would yeild a response from my new yubikey. The PIV manager could see and read the card. Restarted OSX (2nd time) and the Personalisation tool is now recognising the Yubikey.

Very odd error & hoping it does not return.

[danielgriggs]

Wow, I have to say the support for this tool is terrible so far.

I am using MacOSX Sierra attempting to use the the personalisation tool from the App Store doesn't work. It just produces the error message "Unknown error occurred".

The log just shows;

2016-09-28T08:24:18; App_version: 3.1.24; Lib_version: 1.17.3; QT_version: 5.5.1; OS_version: OS X unknown; Word_size: 64
2016-09-28T08:24:19; USB Error: kIOReturnSuccess
2016-09-28T08:24:20; USB Error: kIOReturnSuccess
2016-09-28T08:24:21; USB Error: kIOReturnSuccess
2016-09-28T08:24:22; USB Error: kIOReturnSuccess

Running the PIV application works fine with no error messages.

Running the Personalisation App under sudo fails.

MacOSX:~ daniel$ sudo /Applications/YubiKey\ Personalization\ Tool.app/Contents/MacOS/YubiKey\ Personalization\ Tool
Password:
Illegal instruction: 4
MacOSX:~ daniel$

Not sure why this hasn't been addressed in the two years since this ticket was opened.

[danielgriggs]

Found what's causing it, I am surprised that YubiCo has been unable to reproduce it ever.

https://mig5.net/content/secure-keyboard-entry-os-x-blocks-interaction-yubikeys

[klali]

@danielgriggs that has been discussed in https://github.com/Yubico/yubikey-personalization/issues/34 and people have reported mixed success. I'm very happy to hear that that solution worked for you and would be happy for more feedback if that helps for others.

[shish]

Just upgraded to OSX Sierra - now I'm also getting "unknown error" in the GUI when run as normal user, and "Illegal instruction: 4" when run with sudo :(

[crahan]

Experiencing the same issue since upgrading to Sierra for my Neo-n. No issues with my Yubikey 4 though. That displays fine in the personalisation tool.

[rwlodkowski]

Got the same problem as @shish . Any ETA to fix this issue?

macOS 10.12 (16A323)

[ur5us]

In case it helps debugging, sometimes plugging in multiple times results in the Yubikey being recognized for probably 1 – 2 seconds but then I get "Unknown error occured" again so it's still unusable on macOS 10.12.1.

[bisko]

I just noticed something else that can cause the kIOReturnExclusiveAccess error in the Diagnostics screen, which you can access by Right-clicking the yubico logo on the bottom right.

If you're running a keyboard altering tool, like Karabiner ( old KeyRemap4MacBook or the newer version Karabiner-Elements ) it may be causing the Secure Keyboard Entry protection or something similar to it to activate, which blocks access to the YubiKey.

Try to stop all possible external tools you may have installed and see if the YubiKey will get recognized.

UPDATE: It seems that there is no need to quit Karabiner-Elements. You just have to untick the YubiKey in "Modify events from this device" under the Devices tab. I think it needs to be done for each key if there are multiple keys.

[ur5us]

@bisko Thanks so much, that does solve the problem for me on macOS 10.12.1/2. I am using Karabiner-Elements and after turning it off the personalization tool recognizes the YubiKey 👍

[bisko]

@ur5us I posted an update above. It's an easier fix than having to quit Karabiner-Elements :)

[ur5us]

@bisko Awesomesauce!

[magiconair]

@bisko I can confirm that this works.

[rwlodkowski]

@bisko Yep. Same here. When the Karabiner-Elements is running YubiKey can't be recognised, when it's stoped YoubiKey is recognised properly. Same is true with just unticking your YubiKey under 'devices' section of Karabiner-Elements. Thanks!

[tiffehr]

~I just ran into this, with a brand new 4Nano AND an old 1st-generation Yubikey Standard. I'm on a all-but-fresh Mac OS Sierra (10.12.4 (16E195)) install and a fresh Personalization Tools (3.1.24) install. I see USB Error: kIOReturnExclusiveAccess, with occasional flickers of a connected Yubikey that immediately flash back to "Unknown error occurred"::"kIOReturnExclusiveAccess".~

~Karabiner is disabled in full.~ ~iTerm/Terminal allow unsecure keyboard entry.~ ~My user is root; sudo works but makes no difference with finding either Yubikey.~

Rather than quitting Karabiner, simply toggling off its awareness of either Yubikey solved it. Both popped back up. Still frustrating, that some background process locks them down even if Karabiner is fully disabled.

[hofesh]

@bisko you're a life saver. Tried everything, can't believe this was the issue.

[therealklanni]

I just bought the blue Yubikey (i.e. not NEO or 4), and I'm unable to use it at all. I'm seeing "No YubiKey inserted" in the app (installed from App Store). Also tried ykpers (1.18.0), but I get Yubikey core error: no yubikey present even with sudo. I tried turning off "Secure Keyboard Input" in Terminal, rebooted, but the YubiKey is still not recognized by the personalization tool (either GUI or CLI).

Running ioreg -p IOUSB -l -w 0 outputs:

Security Key by Yubico@14200000  <class AppleUSBDevice, id 0x10000074c, registered, matched, active, busy 0 (14 ms), retain 14>
        {
          "sessionID" = 328984826792
          "iManufacturer" = 1
          "bNumConfigurations" = 1
          "idProduct" = 288
          "bcdDevice" = 1075
          "Bus Power Available" = 250
          "USB Address" = 15
          "bMaxPacketSize0" = 64
          "iProduct" = 2
          "iSerialNumber" = 0
          "bDeviceClass" = 0
          "Built-In" = No
          "locationID" = 337641472
          "bDeviceSubClass" = 0
          "bcdUSB" = 512
          "USB Product Name" = "Security Key by Yubico"
          "PortNum" = 2
          "non-removable" = "no"
          "IOCFPlugInTypes" = {"9dc7b780-9ec0-11d4-a54f-000a27052861"="IOUSBFamily.kext/Contents/PlugIns/IOUSBLib.bundle"}
          "bDeviceProtocol" = 0
          "IOUserClientClass" = "IOUSBDeviceUserClientV2"
          "IOPowerManagement" = {"DevicePowerState"=0,"CurrentPowerState"=3,"CapabilityFlags"=65536,"MaxPowerState"=4,"DriverPowerState"=3}
          "kUSBCurrentConfiguration" = 1
          "Device Speed" = 1
          "USB Vendor Name" = "Yubico"
          "idVendor" = 4176
          "IOGeneralInterest" = "IOCommand is not serializable"
          "IOClassNameOverride" = "IOUSBDevice"
        }

macOS Sierra 10.12.6 (16G29)

tl;dr — I tried everything I've seen suggested here and on the forums, but YubiKey is not recognized by the Personalization Tool. I actually purchased 3 of these and the result is the same with all units.

I'm very disappointed, but hopeful.

[therealklanni]

:sigh: just found this on the website after more digging. It should really be made much more clear (on the product page and on the page for the Personalization Tool) that this key cannot be personalized. Looks like I'll be returning the ones I bought.

The YubiKey Personalization Tool is used to program YubiKeys such as YubiKey 4 and YubiKey NEO, which offer other protocols in addition to U2F. The FIDO U2F Security Key by Yubico is a U2F-only device that cannot be programmed.

[sbmarcos]

I'm having this exact same issue in High Sierra (10.13.5)

[raamdev]

I just experienced the "Unknown error occurred" on macOS 10.14.4 using a Yubikey 5C. After reading @bisko's comment about Karabiner and Secure Keyboard Entry protection, I remembered having problems with Secure Keyboard Entry protection and TextExpander v6.5 / 1Password.

Sure enough, switching to TextExpander and closing the window (Command-W), then re-inserting my Yubikey solved the problem with the YubiKey Personalization Tool being unable to read the key.

I've added the Yubikey Personalization Tool to the app exclusion list for TextExpander (TextExpander → Preferences → Expansion → Default is to expand snippet groups in: all applications, except...). I wasn't able to reproduce the original issue, so I'm not sure if this helps solves the problem, but I thought I'd note here that TextExpander / 1Password may also cause these issues with Secure Keyboard Entry protection.

[LaurentFough]

This is still alive, but thanks to some of the comments here, I was able to quickly discern which app was causing the interference.

All components of my Yubico/yubikey install are up-to-date.

Initially, I suspected: KeyCue, or Typinator (or Rocket: floating emoji panel) as those were the only type of keypress event monitoring apps that are running on my machine.

Secure Keyboard Entry is always active — disabling it had no effect. ^^Re-enabled, “because: security”.

Eventually turned out to be Rambox. Specifically, you’ll have to go open:

System Preferences ➞ Security & Privacy ➞ Automation ➞ Rambox ➞ uncheck “System Events”

Just an FYI, in-case anyone comes across this still.

[livsnjutare]

System Preferences ➞ Security & Privacy ➞ Privacy ➞ Input Monitoring ➞ check the "YubiKey Personalization Tool".

https://support.apple.com/guide/mac-help/change-privacy-preferences-on-mac-mh32356/mac