PC/SC Yubikey interface does not work in Linux AppImage

[StarGate01]

Overview

Using the latest release KeePassXC-2.7.0-x86_64.AppImage, the console reports:

YubiKey: Failed to establish PCSC context.
YubiKey: PCSC interface is disabled or not initialized.

Any wireless connections don't work for the NFC YubiKeys.

Steps to Reproduce

Start the AppImage and try to connect a YubiKey via a wireless reader.

Expected Behavior

The YubiKey gets recognized properly and the connection to the PC/SC daemon works.

Actual Behavior

The key is not recognized, and the PC/SC interface fails to initialize.

How To Fix

As discussed in the Matrix chat, the libpcsclite-dev packet used in the Docker image (https://github.com/keepassxreboot/keepassxc-ci-docker), which is used to build the AppImage, is out of date. I got it working by specifying libpcsclite-dev=1.9.1-1ppa~bionic1 from another PPA. I suggest adding an up-to-date version of libpcsclite-dev to the PPA used by KeePassXC (ppa:phoerious/keepassxc), and using that one in the Dockerfile.

Context

KeePassXC - Version 2.7.0 Revision: d7a9ef4 Distribution: AppImage

Operating System: Linux Desktop Env: XFCE Windowing System: X11

[martinfischer]

YubiKey is also not working in the PPA installation on Ubuntu 20.04.

My System is able to interact with the yubikey through other software, but keepassxc is not able to detect any hardware keys, or at least not the yubikey.

Was broken in 2.7, still broken in 2.7.1 today.

[droidmonkey]

Make sure you have the yubikey udev rules installed.

[bmharper]

I've just experienced the same thing. My udev rules were missing.. not sure if I ever needed to do that before. Anyway, even after updating my udev rules, KeePassXC (2.7.1) is still failing to see my yubikey on Ubuntu 20.04.

This has been working fine for years.

[droidmonkey]

If you are using the snap you need to give it permission to use raw-usb. https://keepassxc.org/docs/#faq-appsnap-yubikey

[martinfischer]

yubikey udev rules are installed. I am using the ppa package, not the snap.

The yubikey is working, Yubico Authenticator is able to detect the key on the same system.

(Re)Loading the hardware key shows nothing in keepassxc since version 2.7.0 and 2.7.1 did not fix the problem.

[martinfischer]

For reference I tried the snap now, gave it all the permissions and the yubikey also here is not detected.

[martinfischer]

Got it working: libyubikey-udev was apparently removed as a dependency somewhere at some point and was not installed.

By installing this package manually the problem has been fixed.

[droidmonkey]

Ok so this issue was hijacked, @StarGate01 can you confirm your udev rules for pc/sc?

[StarGate01]

@droidmonkey I am not quite sure what you mean, the udev rules of the CCID driver for pcsc are a concern of only the host system which runs the pcsc daemon .The application talks via PC/SC to the daemon in order to access abstract devices via a socket. There are many different PC/SC compatble readers, and CCID usually handles all of them or the vendor provides a driver fragment.

I found this rules file for the CCID driver, which is usually installed when the driver is installed: https://salsa.debian.org/rousseau/CCID/-/blob/master/src/92_pcscd_ccid.rules

[droidmonkey]

Sorry I got myself confused... this is really about the version of the pcsc lib used in the appimage build. That is tasked to @phoerious to maybe bring that updated version into the ppa.

Unless this is fixed in the 2.7.1 build of the appimage?

[StarGate01]

For me it does not work in the 2.7.1 AppImage, but since the qDebug statement is not compiled into the release builds anymore (I think?), the console does not print anything.

[droidmonkey]

Correct, we no longer print those debug messages in release builds. Snapshot builds will print the debug messages.