search

Yubico / yubikey-personalization

YubiKey Personalization cross-platform library and tool
https://developers.yubico.com/yubikey-personalization/
BSD 2-Clause "Simplified" License
299 stars 82 forks source link

Yubikey4 cannot serve two static keys #92

Open b-irl opened 7 years ago

b-irl commented 7 years ago

yubikey-personalization-gui-3.1.24.tgz

Background:

Yubikey4 (Firmware 4.3.3) is loaded with a static key in Slot 1 and a static key in slot 2 When held for 1 second, Yubikey outputs the static key from Slot 1. When held for 4 seconds, Yubikey outputs the static key from Slot 1.

Issue:

It is not possible to output a static key from slot 2 when there is a static key configured in slot 1.

According my interpretation of the manual, this should not be the case. If the Yubikey is held for between 2 and 5 seconds, it should output the static key from the second slot.

klali commented 7 years ago

I'm unable to reproduce this.

Programming different static passwords into slot 1 and slot 2 and then pressing the button short or holding for a couple of seconds produces different results for me. Can you provide more detail into how the key is programmed for you to get the same results?

b-irl commented 7 years ago

I'm using OpenBSD and the Yubikey Personalization gui from the official ports (pkg_add).

I actually did get it to work (No idea how), but now it is not working again. I did not change configuration of the Yubikey, so I think it has to do with the operating system or firmware.

At one point, I thought the problem seemed to present itself when I implemented protection of configuration on the Yubikey, but I think I have ruled that out.

It's only printing out Slot 1's static key. If I delete Slot 1, it will print slot 2 after 2 seconds. If I reprogram slot 1 in addition to slot 2, it will go back to printing only slot 1.

On the "Settings" page, nothing is selected. Button at startup, enable manual update, etc. Nothing selected.

Also, by configuring only Slot 1, I can enable "fast triggering" which may or may not be working, but enabling "manual update using the button (2.0+)" certainly does not work. After less than two seconds, the static password in "Slot 1" is output, and continuing to hold for ten seconds does nothing further.

I think this has possibly to do with my use of OpenBSD 6.0. Also, I plugged the YubiKey4 into a linux server earlier (Debian Jessie), to see what would happen with that server, and all that happened was flashing from the yubikey. Nothing registered in /var/log/syslog nor dmesg and there was no static password output. That was strange.

Sorry for the delay in responding. I'm not effectively troubleshooting this.

keiji commented 7 years ago

I have the same problem.

I'm using YubiKey Personalization Tool.

YubiKey4 (Firmware 4.3.3) is loaded with a Yubico OTP in Slot 1 and a static key in slot 2 When held for 1 second, Yubikey outputs the OTP characters from Slot 1. When held for 4 seconds, Yubikey outputs the OTP characters from Slot 1.

YubiKey Nano (Firmware 4.1.6) is loaded with a Yubico OTP in Slot 1 and a static key in slot 2 When held for 1 second, Yubikey outputs the OTP characters from Slot 1. When held for 4 seconds, Yubikey outputs the OTP characters from Slot 1.

Issue:

I cannot use Slot 2. However, if I delete Slot 1 configuration. Slot 2 works fine.

Environment

OS: macOS Sierra 10.12.6 YubiKey Personalization Tool: 3.1.24, Library version 1.17.3

Supplemental

I tried Yubikey Personalization Tool(CLI) 1.18.0 ykpers-1.18.0-mac.zip

./ykpersonalize -1 -a78a52984989555af5c41fd31f6f03521 -ostatic-ticket
./ykpersonalize -2 -a78a52984989555af5c41fd31f6f03520 -ostatic-ticket

I'm facing a same problem.

klali commented 7 years ago

Hey,

I don't believe this to be a software error. For us this works fine on different YubiKey 4. Given a key programmed with the commands in your comment I get: gjrrubjhulnrftkfckrtfifhdhhiuecg for a short touch NV9l7dhrcfkfdnfkgcbbhnjdjjdjgfjc after holding the button for about 2 seconds

If the issue persists, please contact Yubico support.

keiji commented 7 years ago

I tried YubiKey Personalization Tool on Windows 10(with Parallels). Same software and library version.

It's works fine.

klali commented 7 years ago

And after being programmed in windows it works for short and long press in macOS?

keiji commented 7 years ago

Yes, yubikeys are working well in macOS. And Yubikey Personalization Tool still doesn't work on my environment(macOS).

klali commented 6 years ago

So let me try to get this straight. If you program your YubiKey on macOS (using ykpersonalize) it fails, what is the exact ouput when programming? If it's programmed on windows both slots work on macOS as well? Did you have other YubiKeys than 4 to try with?

maksathanja commented 6 years ago

Hi, Same problem here. My Yubikey's Slot 1 is configured for OTH and Slot 2 for Static Password. When I press the button for 1 second, I can get output from Slot 1. If I press and hold the button for about 4-5 seconds, still get output from Slot 1. I think my Yubikey cannot understand the difference between pressing and holding the button and does not activate Slot 2. The only way getting my Static Password from Slot 2 is by swapping the slots. And it's painful each time.