Yubico / yubikey-personalization

YubiKey Personalization cross-platform library and tool
https://developers.yubico.com/yubikey-personalization/
BSD 2-Clause "Simplified" License

ykinfo: get serial doesn't work #55

Closed FlorinAndrei closed 9 years ago

FlorinAndrei commented 10 years ago

OS X 10.9.5, MacBook Air, ykpers 1.16.0, YubiKey NEO firmware 3.2

Options -s, -m, -H, -a (anything that involves get serial) fail like this:

$ ./ykinfo -a
Yubikey core error: timeout

Other commands work okay.

$ ./ykinfo -v
version: 3.2.0

klali commented 10 years ago

What mode is the Neo in when you try to read the serial?

For the 3.2 firmware if it's in composite otp+ccid and the ccid part is in use (or what's called acquired) serial reading will fail.

FlorinAndrei commented 10 years ago

We need both OTP and CCID, so both are enabled. But CCID isn't actively used - I'm not authenticating ssh at that time, or anything like that.

klali commented 9 years ago

So if you're using it with gnupg, if scdaemon is running it holds on to the card, making it only switch to OTP by pressing the button and emitting an OTP.

FlorinAndrei commented 9 years ago

I do have gnupg enabled to use the smartcard on the NEO. gpg-agent is running all the time, but scdaemon is only running occasionally, as far as I can tell - only when gpg-daemon actually needs the card.

However, I've noticed something else:

$ ps -ef | grep -i scd
    0  1714    15   0 12:53PM ??         0:00.21 /usr/sbin/pcscd -f

After killing it, ykinfo -a started running again.

I've done a bit of googling, and disabling pcscd doesn't seem to be trivial. It looks like it's launched automatically when a smartcard is detected.

klali commented 9 years ago

Yes. This is in line with expectations; the CCID being active locks down the OTP interface to API requests of Neos before 3.3. OTP with button should still work though.

klali commented 9 years ago

Closing this since it's a Neo limitation, not a software error.
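
A shell check for the condition this thread ends on (NEO firmware before 3.3 together with a running pcscd or scdaemon), added here as an example; it is not part of ykpers and not from either commenter. The function names and the sample process list are constructed for illustration, and the `version: ` prefix is the `ykinfo -v` output format shown above.

```shell
#!/bin/sh
# Added example: not ykpers code. Function names are hypothetical.

# Constructed sample of `ps -A -o comm=` output (one command per line).
SAMPLE_PS='/usr/sbin/pcscd
/usr/local/bin/gpg-agent
/bin/sh'

# fw_lt_3_3 VERSION: succeeds if VERSION (e.g. "3.2.0") is before 3.3.
fw_lt_3_3() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 3 ]; }
}

# ccid_holders PROCESS_LIST: prints the CCID-holding daemons named in the
# thread (pcscd, scdaemon) that appear in the list, matched on basename.
ccid_holders() {
    printf '%s\n' "$1" |
        awk -F/ '$NF == "pcscd" || $NF == "scdaemon" { print $NF }' |
        sort -u | paste -s -d ' ' -
}

# diagnose VERSION PROCESS_LIST: prints a one-line verdict.
diagnose() {
    holders=$(ccid_holders "$2")
    if fw_lt_3_3 "$1" && [ -n "$holders" ]; then
        echo "blocked: firmware $1 is before 3.3 and CCID may be held by: $holders"
    else
        echo "clear: the pre-3.3 CCID lock described here does not apply"
    fi
}

# Live use (ykinfo -v still answers while serial reads time out):
#   diagnose "$(ykinfo -v | sed 's/^version: //')" "$(ps -A -o comm=)"
diagnose 3.2.0 "$SAMPLE_PS"
```

A "blocked" verdict matches the behaviour reported above: serial reads time out until the CCID holder releases the card, while button-press OTP keeps working.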