Hi all,

At my workplace, we've recently adopted YubiKeys as a means for doing 2FA. I've been using mine for 2FA-based authentication with OpenSSH servers (using `gpg-agent` and the YubiKey OpenPGP applet), and we plan to use the PIV component of these keys to authenticate with some HTTPS services.
I've also set up the OpenPGP part for code signing and email security.

Under GnuPG 2.2, I mostly had this working. Sometimes GnuPG would block `opensc-pkcs11` or vice versa and I'd have to either re-plug the dongle and/or tickle it with `gpg --card-status` when I try to commit something or log into a server.

It seems under GnuPG 2.3 (v2.3.2 currently on Gentoo Linux), OpenSC seems completely unable to communicate with the PIV applet on the same YubiKey as GnuPG.

As it's likely we'll be swapping between using HTTPS and SSH frequently, I'd like the two services to co-operate if at all possible; nothing on paper suggests why these should be in conflict.

- Has anyone managed to do the above?
- Any particular advice regarding `opensc` drivers? Is `pcscd` needed?
- Is this just a quirk of the YubiKey? (e.g. is NitroKey¹ affected?)

-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

1. Watching these from a distance, but I'm waiting for the COVID-19 situation to settle down so that the shipping price between DE and AU can come down from the stratosphere. I'm open to other "open hardware" alternatives too -- contact me off-list about that.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users