yubioath-android
yubioath-android copied to clipboard
Yubico
Error in YubiKey communication
Hi,
I have bought two NEO keys. Tested on OnePlus 5 and Huawei 20p lite.
On all combinations of the four, it says "Error in YubiKey communication".
I have tried toggling the NFC options in settings to see if they would have any effect but no improvement.
Is there a way to get more debugging information?
Just to completely exclude issues with the keys, have you tried connecting them physically through the device's usb? You may also try building the application from source and running it on your devices in debug mode, that'll surely provide more information.
Here you go. In case you need to rebuild one later, the readme offers some instructions to do so :)
I have tried toggling the NFC options in settings to see if they would have any effect but no improvement
Thank you for this comment. I had this problem until I changed the setting called "Disable NFC Reader mode". Just wanted to leave this here in case any find this thread the way I did.
I just had the same error message appear after using the Yubico Authenticator app to add a new TOTP token to a Yubikey 5 NFC.
After scanning the QR code and writing the new token to the key, I would receive the error, "Error in YubiKey Communication" whenever I tried to read the tokens using NFC or via the desktop application using USB. I tested the key on two different mobile phones and two different laptops and always received the same error.
Something must have gone wrong when writing the new TOTP token to the key, resulting in a corrupted entry.
I was able to recover access to all the other TOTP tokens on the key by deleting the corrupted entry using the ykman CLI tool.
Steps:
-
List all TOTP entries on the key:
$ ykman oath list -
Find the name of the broken entry (probably the name of the site you're trying to add credentials for) and delete the broken entry from the key:
$ ykman oath delete EntryName
(The delete command takes a "query" parameter which should match the name of the entry. You will be asked to confirm deletion of this entry.)
- After confirming deletion, remove your Yubikey from the USB port and scan it with your phone again, or open it in the Yubico Authenticator desktop app, and you should find that all your other tokens are working.
- After confirming deletion, remove your Yubikey from the USB port and scan it with your phone again, or open it in the Yubico Authenticator desktop app, and you should find that all your other tokens are working.
Thank you Kyle, you ended a stressful few minutes for me there - thought I had lost my backup key!
I had the same issue manually adding an account to two YubiKeys using the Authenticator App on my phone (using NFC, it had worked flawlessly over USB so far). I got an error message that the account already existed (I guess from adding to the primary key - this was the backup key) then I got an NFC error. From then on, whenever I tried to view the credentials on my computer via USB, it was blank - and the phone just produced an NFC error.
I used your suggestion and deleted the suspect entry with ykman and the backup key worked again! I was able to manually add the account via USB. Seems to be safer, will do that even if it means typing in the long term password from now on.
So I'm getting these same problems, and tried all the solutions here but I'm still getting the same error. when I looked at the logcat I see this error popping up.
Error using OathClient java.io.IOException: Transceive length exceeds supported maximum at android.nfc.TransceiveResult.getResponseOrThrow(TransceiveResult.java:50) at android.nfc.tech.BasicTagTechnology.transceive(BasicTagTechnology.java:151) at android.nfc.tech.IsoDep.transceive(IsoDep.java:172) at com.yubico.yubikitold.transport.nfc.NfcIso7816Connection.send(NfcIso7816Connection.java:30) at com.yubico.yubikitold.application.AbstractApplication.doSend(AbstractApplication.java:39) at com.yubico.yubikitold.application.AbstractApplication.select(AbstractApplication.java:49) at com.yubico.yubikitold.application.oath.OathApplication.select(OathApplication.java:67) at com.yubico.yubioath.client.OathClient.<init>(OathClient.kt:24) at com.yubico.yubioath.ui.BaseActivity.useTransport$suspendImpl(BaseActivity.kt:144) at com.yubico.yubioath.ui.BaseActivity.useTransport(Unknown Source:0) at com.yubico.yubioath.ui.main.MainActivity.useTransport(MainActivity.kt:119) at com.yubico.yubioath.ui.BaseActivity$onYubiKey$$inlined$let$lambda$1.invokeSuspend(BaseActivity.kt:126) at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33) at kotlinx.coroutines.DispatchedTask.run(Dispatched.kt:233) at android.os.Handler.handleCallback(Handler.java:883) at android.os.Handler.dispatchMessage(Handler.java:100) at android.os.Looper.loop(Looper.java:214) at com.yubico.yubikitold.YubiKitManager$YkIoWorker$1.run(YubiKitManager.java:133) at java.lang.Thread.run(Thread.java:919)
I have a different IOException on Fairphone 3 (Android 10):
03-14 22:51:46.159 24132 24155 E yubioath: Error reading NDEF tag.
03-14 22:51:46.159 24132 24155 E yubioath: java.io.IOException
03-14 22:51:46.159 24132 24155 E yubioath: at android.nfc.tech.BasicTagTechnology.connect(BasicTagTechnology.java:85)
03-14 22:51:46.159 24132 24155 E yubioath: at android.nfc.tech.Ndef.connect(Ndef.java:71)
03-14 22:51:46.159 24132 24155 E yubioath: at b.c.a.b.a.h.c(Unknown Source:17)
03-14 22:51:46.159 24132 24155 E yubioath: at b.c.a.b.a.h.b(Unknown Source:0)
03-14 22:51:46.159 24132 24155 E yubioath: at com.yubico.yubioath.ui.main.MainActivity.a(Unknown Source:20)
03-14 22:51:46.159 24132 24155 E yubioath: at b.c.b.e.g.c(Unknown Source:40)
03-14 22:51:46.159 24132 24155 E yubioath: at c.c.b.a.a.a(Unknown Source:9)
03-14 22:51:46.159 24132 24155 E yubioath: at kotlinx.coroutines.U.run(Unknown Source:65)
03-14 22:51:46.159 24132 24155 E yubioath: at android.os.Handler.handleCallback(Handler.java:883)
03-14 22:51:46.159 24132 24155 E yubioath: at android.os.Handler.dispatchMessage(Handler.java:100)
03-14 22:51:46.159 24132 24155 E yubioath: at android.os.Looper.loop(Looper.java:214)
03-14 22:51:46.159 24132 24155 E yubioath: at b.c.a.a.run(Unknown Source:12)
03-14 22:51:46.159 24132 24155 E yubioath: at java.lang.Thread.run(Thread.java:919)
03-14 22:51:46.162 24132 24155 E yubioath: Error using OathClient
I've just encountered the same issue when setting-up a new key.
I was trying to add an account from a QR code, which had auto-filled the account name to be the same as an existing one. I received the "account already existed" error, and the key became unusable after that until I manually fixed using the steps @noevidenz listed.
It's quite likely that this issue will crop-up again since email address is a common account name, so I'm going to make sure to manually edit the suggested account name from now on. This issue could be prevented if perhaps the combination of provider + account name was taken to be the unique identifier, rather than the account name only? If not, I still think the app shouldn't be leaving the key in an unusable state.
I just had the same error message appear after using the Yubico Authenticator app to add a new TOTP token to a Yubikey 5 NFC.
After scanning the QR code and writing the new token to the key, I would receive the error, "Error in YubiKey Communication" whenever I tried to read the tokens using NFC or via the desktop application using USB. I tested the key on two different mobile phones and two different laptops and always received the same error.
Something must have gone wrong when writing the new TOTP token to the key, resulting in a corrupted entry.
I was able to recover access to all the other TOTP tokens on the key by deleting the corrupted entry using the
ykmanCLI tool.Steps:
- List all TOTP entries on the key:
$ ykman oath list- Find the name of the broken entry (probably the name of the site you're trying to add credentials for) and delete the broken entry from the key:
$ ykman oath delete EntryName(The delete command takes a "query" parameter which should match the name of the entry. You will be asked to confirm deletion of this entry.)
- After confirming deletion, remove your Yubikey from the USB port and scan it with your phone again, or open it in the Yubico Authenticator desktop app, and you should find that all your other tokens are working.
Unfortunately, I'm stuck at step one. I downloaded the YubiKey Manager (I'm hoping that is what you meant by ykman CLI tool as this is the result Google gave me). Please let me know if I am wrong. If correct then how do I list all TOTP entries on the key? Any assistance is highly appreciated. Thank you.
Hey @chronox12, the ykman tool I mentioned above is the command line tool. It sounds like you might've installed the graphical tool, but that's okay - the command line tool comes bundled with it.
If you're on Windows, the ykman tool might already be in your path, so launch the command prompt and run ykman. If it can find the command, run through the steps I outlined above. If it says it can't find the command, navigate to wherever the Yubikey Manager is installed, find the folder with "ykman.exe" in it and then run the commands from the list above.
If you're on MacOS, open up a terminal and run which ykman. If it outputs a path, you're ready to go. If it doesn't output anything, just navigate to to/Applications/Yubikey\ Manager.app/Contents/MacOS, you'll then be able to see a file called ykman, which is the tool you're looking for.
If either of those options don't work for you, here is the documentation for the command line tool, along with instructions for installing it directly.
I recently hit an NFC communication error as reported in various issues around this repo
I tried the ykman procedure and it did restore the credentials on the phone. The desktop yubico authenticator app doesn't seem to see any of the accounts event though ykman oath accounts list finds them just fine.
I just had the same error message appear after using the Yubico Authenticator app to add a new TOTP token to a Yubikey 5 NFC.
After scanning the QR code and writing the new token to the key, I would receive the error, "Error in YubiKey Communication" whenever I tried to read the tokens using NFC or via the desktop application using USB. I tested the key on two different mobile phones and two different laptops and always received the same error.
Something must have gone wrong when writing the new TOTP token to the key, resulting in a corrupted entry.
I was able to recover access to all the other TOTP tokens on the key by deleting the corrupted entry using the
ykmanCLI tool.Steps:
- List all TOTP entries on the key:
$ ykman oath list- Find the name of the broken entry (probably the name of the site you're trying to add credentials for) and delete the broken entry from the key:
$ ykman oath delete EntryName(The delete command takes a "query" parameter which should match the name of the entry. You will be asked to confirm deletion of this entry.)
- After confirming deletion, remove your Yubikey from the USB port and scan it with your phone again, or open it in the Yubico Authenticator desktop app, and you should find that all your other tokens are working.
Thanks for the fix, it sorted out my 5c NFC key today, much appreciated!
Sorry for the late response. The development of the app moved to https://github.com/Yubico/yubioath-flutter. We have released a new version of the app, please verify whether the communication issues are still present in the new version and eventually open a new issue in the new repository.
