age-plugin-yubikey icon indicating copy to clipboard operation
age-plugin-yubikey copied to clipboard

Published 20 hours ago verified publisher icon str4d

UX: timing of when to touch the YubiKey during identity generation is not clear

Open jason-yost-jamf opened this issue 1 year ago • 0 comments

What were you trying to do

When attempting to set up the initial identity on the YubiKey there is a step after PIN entry where the plugin prompts the user to touch the YubiKey. (This prompt was not preserved in my Terminal output.) However, after touching the YubiKey, the plugin fails to generate the identity.

After a lot of fussing and experimenting, I discovered that if I touch the YubiKey before running the plugin command, and if I run through the prompts quickly enough, the plugin does not prompt me to touch and the identity generation succeeds.

My setup is an Apple Silicon MacBook Pro running macOS 12.2. I used Terminal.app with age-plugin-yubikey version 0.3.0. My YubiKey is a YubiKey 5 NFC with firmware 5.4.3.

What happened

setup@Cheonmachong age-plugin-yubikey % ./age-plugin-yubikey
[INFO  i18n_embed::requester] Current Locale: [LanguageIdentifier { language: Language(Some("en")), script: None, region: Some(Region("US")), variants: None }]
[DEBUG i18n_embed] Selecting translations for domain "age_plugin_yubikey"
[DEBUG i18n_embed] Searching for available languages, found language file: "en-US/age_plugin_yubikey.ftl"
[DEBUG i18n_embed] Requested Languages: [LanguageIdentifier { language: Language(Some("en")), script: None, region: Some(Region("US")), variants: None }]
[DEBUG i18n_embed] Available Languages: [LanguageIdentifier { language: Language(Some("en")), script: None, region: Some(Region("US")), variants: None }]
[DEBUG i18n_embed] Supported Languages: [LanguageIdentifier { language: Language(Some("en")), script: None, region: Some(Region("US")), variants: None }]
[DEBUG i18n_embed] Attempting to load language file: "en-US/age_plugin_yubikey.ftl"
[DEBUG i18n_embed::fluent] Loaded language file: "en-US/age_plugin_yubikey.ftl" for language: "en-US"
✨ Let's get your YubiKey set up for age! ✨

This tool can create a new age identity in a free slot of your YubiKey.
It will generate an identity file that you can use with an age client,
along with the corresponding recipient. You can also do this directly
with:
    age-plugin-yubikey --generate

If you are already using a YubiKey with age, you can select an existing
slot to recreate its corresponding identity file and recipient.

When asked below to select an option, use the up/down arrow keys to
make your choice, or press [Esc] or [q] to quit.

[INFO  yubikey::yubikey] connected to reader: Yubico YubiKey OTP+FIDO+CCID
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] }
[TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 4, 3] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [1, 17, 241, 73] }
[INFO  yubikey::yubikey] connected to reader: Yubico YubiKey OTP+FIDO+CCID
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] }
[TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 4, 3] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [1, 17, 241, 73] }
[INFO  yubikey::yubikey] connected to reader: Yubico YubiKey OTP+FIDO+CCID
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] }
[TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 4, 3] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [1, 17, 241, 73] }
[INFO  yubikey::yubikey] connected to reader: Yubico YubiKey OTP+FIDO+CCID
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] }
[TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 4, 3] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [1, 17, 241, 73] }
🔑 Select a YubiKey: Yubico YubiKey OTP+FIDO+CCID (Serial: 17953097)
[INFO  yubikey::yubikey] connected to reader: Yubico YubiKey OTP+FIDO+CCID
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] }
[TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 4, 3] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [1, 17, 241, 73] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 5] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 5]
[TRACE yubikey::apdu] <<< Response { status_words: Other(24922), data: [83, 130, 1, 86, 112, 130, 1, 77, 48, 130, 1, 73, 48, 129, 240, 160, 3, 2, 1, 2, 2, 20, 72, 245, 43, 55, 128, 115, 140, 152, 116, 1, 21, 218, 153, 41, 33, 220, 139, 80, 222, 173, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 32, 23, 13, 50, 50, 48, 52, 51, 48, 50, 48, 53, 55, 50, 55, 90, 24, 15, 50, 48, 53, 50, 48, 52, 51, 48, 48, 48, 48, 48, 48, 48, 90, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 53, 134, 114, 18, 186, 241, 97, 161, 216, 170, 179, 160, 100, 60, 236, 219, 181, 23, 23, 166, 185, 161, 196, 43, 227, 143, 111, 153, 237, 36, 23, 94, 174, 138, 129, 43, 80, 75, 226, 95, 50, 62, 68, 52, 110, 92, 236, 64, 15, 171, 81, 94, 63, 106, 63, 72, 183, 234, 115, 61, 171, 139, 100, 5, 48] }
[TRACE yubikey::transaction] The card indicates there is 90 bytes more data for us
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetResponseApdu, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 192, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 7, 88, 209, 113, 52, 183, 164, 41, 5, 12, 202, 89, 130, 212, 25, 124, 179, 58, 210, 131, 127, 117, 151, 214, 119, 101, 164, 161, 124, 218, 145, 152, 2, 33, 0, 204, 40, 113, 255, 223, 224, 227, 7, 179, 91, 111, 147, 204, 95, 244, 186, 162, 35, 81, 38, 126, 199, 169, 116, 1, 57, 98, 117, 171, 72, 20, 109, 113, 1, 0, 254, 0] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 10] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 10]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 11] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 11]
[TRACE yubikey::apdu] <<< Response { status_words: Other(24922), data: [83, 130, 1, 86, 112, 130, 1, 77, 48, 130, 1, 73, 48, 129, 240, 160, 3, 2, 1, 2, 2, 20, 72, 90, 230, 128, 21, 70, 178, 46, 56, 206, 129, 108, 124, 51, 69, 230, 123, 39, 147, 236, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 32, 23, 13, 50, 50, 48, 52, 51, 48, 50, 48, 53, 55, 50, 55, 90, 24, 15, 50, 48, 53, 50, 48, 52, 51, 48, 48, 48, 48, 48, 48, 48, 90, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 193, 167, 14, 132, 93, 63, 26, 162, 81, 1, 157, 33, 167, 246, 41, 170, 215, 114, 197, 123, 122, 118, 86, 44, 234, 85, 244, 127, 16, 188, 188, 199, 255, 121, 32, 217, 173, 208, 101, 165, 183, 83, 228, 60, 173, 167, 2, 22, 237, 139, 43, 220, 154, 217, 254, 168, 0, 253, 13, 119, 187, 94, 170, 79, 48] }
[TRACE yubikey::transaction] The card indicates there is 90 bytes more data for us
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetResponseApdu, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 192, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 17, 197, 47, 199, 192, 23, 194, 244, 2, 105, 10, 241, 226, 38, 87, 194, 123, 67, 187, 51, 151, 76, 11, 29, 241, 185, 31, 104, 182, 226, 33, 171, 2, 33, 0, 251, 48, 93, 238, 118, 117, 196, 76, 112, 236, 255, 89, 223, 29, 230, 201, 65, 221, 175, 217, 249, 196, 7, 206, 239, 182, 75, 253, 10, 34, 240, 144, 113, 1, 0, 254, 0] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 13] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 13]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 14] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 14]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 15] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 15]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 16] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 16]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 17] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 17]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 18] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 18]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 19] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 19]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 20] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 20]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 21] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 21]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 22] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 22]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 23] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 23]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 24] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 24]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 25] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 25]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 26] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 26]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 27] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 27]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 28] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 28]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 29] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 29]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 30] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 30]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 31] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 31]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 32] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 32]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 1] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 1]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
🕳️  Select a slot for your age identity: Slot 1 (Empty)
📛 Name this identity [age identity TAG_HEX]: Passwords
🔤 Select a PIN policy: Always (A PIN is required for every decryption, if set)
👆 Select a touch policy: Never  (A physical touch is NOT required to decrypt)
Generate new identity in slot 1? yes

[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 5] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 5]
[TRACE yubikey::apdu] <<< Response { status_words: Other(24922), data: [83, 130, 1, 86, 112, 130, 1, 77, 48, 130, 1, 73, 48, 129, 240, 160, 3, 2, 1, 2, 2, 20, 72, 245, 43, 55, 128, 115, 140, 152, 116, 1, 21, 218, 153, 41, 33, 220, 139, 80, 222, 173, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 32, 23, 13, 50, 50, 48, 52, 51, 48, 50, 48, 53, 55, 50, 55, 90, 24, 15, 50, 48, 53, 50, 48, 52, 51, 48, 48, 48, 48, 48, 48, 48, 90, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 53, 134, 114, 18, 186, 241, 97, 161, 216, 170, 179, 160, 100, 60, 236, 219, 181, 23, 23, 166, 185, 161, 196, 43, 227, 143, 111, 153, 237, 36, 23, 94, 174, 138, 129, 43, 80, 75, 226, 95, 50, 62, 68, 52, 110, 92, 236, 64, 15, 171, 81, 94, 63, 106, 63, 72, 183, 234, 115, 61, 171, 139, 100, 5, 48] }
[TRACE yubikey::transaction] The card indicates there is 90 bytes more data for us
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetResponseApdu, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 192, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 7, 88, 209, 113, 52, 183, 164, 41, 5, 12, 202, 89, 130, 212, 25, 124, 179, 58, 210, 131, 127, 117, 151, 214, 119, 101, 164, 161, 124, 218, 145, 152, 2, 33, 0, 204, 40, 113, 255, 223, 224, 227, 7, 179, 91, 111, 147, 204, 95, 244, 186, 162, 35, 81, 38, 126, 199, 169, 116, 1, 57, 98, 117, 171, 72, 20, 109, 113, 1, 0, 254, 0] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 10] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 10]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 11] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 11]
[TRACE yubikey::apdu] <<< Response { status_words: Other(24922), data: [83, 130, 1, 86, 112, 130, 1, 77, 48, 130, 1, 73, 48, 129, 240, 160, 3, 2, 1, 2, 2, 20, 72, 90, 230, 128, 21, 70, 178, 46, 56, 206, 129, 108, 124, 51, 69, 230, 123, 39, 147, 236, 48, 10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 32, 23, 13, 50, 50, 48, 52, 51, 48, 50, 48, 53, 55, 50, 55, 90, 24, 15, 50, 48, 53, 50, 48, 52, 51, 48, 48, 48, 48, 48, 48, 48, 90, 48, 36, 49, 34, 48, 32, 6, 3, 85, 4, 3, 12, 25, 89, 117, 98, 105, 99, 111, 32, 80, 73, 86, 32, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, 61, 3, 1, 7, 3, 66, 0, 4, 193, 167, 14, 132, 93, 63, 26, 162, 81, 1, 157, 33, 167, 246, 41, 170, 215, 114, 197, 123, 122, 118, 86, 44, 234, 85, 244, 127, 16, 188, 188, 199, 255, 121, 32, 217, 173, 208, 101, 165, 183, 83, 228, 60, 173, 167, 2, 22, 237, 139, 43, 220, 154, 217, 254, 168, 0, 253, 13, 119, 187, 94, 170, 79, 48] }
[TRACE yubikey::transaction] The card indicates there is 90 bytes more data for us
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetResponseApdu, p1: 0, p2: 0, data: [] }
[TRACE yubikey::transaction] >>> [0, 192, 0, 0, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [10, 6, 8, 42, 134, 72, 206, 61, 4, 3, 2, 3, 72, 0, 48, 69, 2, 32, 17, 197, 47, 199, 192, 23, 194, 244, 2, 105, 10, 241, 226, 38, 87, 194, 123, 67, 187, 51, 151, 76, 11, 29, 241, 185, 31, 104, 182, 226, 33, 171, 2, 33, 0, 251, 48, 93, 238, 118, 117, 196, 76, 112, 236, 255, 89, 223, 29, 230, 201, 65, 221, 175, 217, 249, 196, 7, 206, 239, 182, 75, 253, 10, 34, 240, 144, 113, 1, 0, 254, 0] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 13] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 13]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 14] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 14]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 15] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 15]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 16] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 16]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 17] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 17]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 18] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 18]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 19] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 19]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 20] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 20]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 21] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 21]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 22] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 22]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 23] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 23]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 24] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 24]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 25] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 25]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 26] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 26]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 27] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 27]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 28] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 28]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 29] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 29]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 30] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 30]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 31] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 31]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 32] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 32]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 1] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 1]
[TRACE yubikey::apdu] <<< Response { status_words: NotFoundError, data: [] }

Enter PIN for YubiKey with serial 17953097 (default is 123456): [hidden]
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: Verify, p1: 0, p2: 128, data: [54, 50, 53, 50, 50, 57, 54, 51] }
[TRACE yubikey::transaction] >>> [0, 32, 0, 128, 8, 54, 50, 53, 50, 50, 57, 54, 51]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [] }
[TRACE yubikey::transaction] going to send 5 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetData, p1: 63, p2: 255, data: [92, 3, 95, 193, 9] }
[TRACE yubikey::transaction] >>> [0, 203, 63, 255, 5, 92, 3, 95, 193, 9]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [83, 28, 136, 26, 137, 24, 4, 246, 42, 150, 19, 33, 134, 31, 113, 119, 168, 252, 94, 163, 212, 52, 208, 136, 141, 249, 147, 63, 160, 222] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: Authenticate, p1: 3, p2: 155, data: [124, 2, 128, 0] }
[TRACE yubikey::transaction] >>> [0, 135, 3, 155, 4, 124, 2, 128, 0]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [124, 10, 128, 8, 155, 71, 30, 235, 209, 7, 247, 53] }
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: Authenticate, p1: 3, p2: 155, data: [124, 20, 128, 8, 20, 211, 92, 211, 71, 129, 29, 223, 129, 8, 65, 21, 180, 116, 187, 129, 123, 142] }
[TRACE yubikey::transaction] >>> [0, 135, 3, 155, 22, 124, 20, 128, 8, 20, 211, 92, 211, 71, 129, 29, 223, 129, 8, 65, 21, 180, 116, 187, 129, 123, 142]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [124, 10, 130, 8, 23, 227, 221, 4, 198, 241, 241, 68] }
[TRACE yubikey::transaction] going to send 11 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GenerateAsymmetric, p1: 0, p2: 130, data: [172, 9, 128, 1, 17, 170, 1, 3, 171, 1, 1] }
[TRACE yubikey::transaction] >>> [0, 71, 0, 130, 11, 172, 9, 128, 1, 17, 170, 1, 3, 171, 1, 1]
[TRACE yubikey::apdu] <<< Response { status_words: Success, data: [127, 73, 67, 134, 65, 4, 219, 38, 32, 188, 217, 239, 31, 213, 51, 50, 2, 31, 217, 224, 17, 118, 141, 204, 154, 2, 213, 1, 193, 53, 139, 51, 42, 128, 132, 177, 63, 134, 154, 206, 207, 232, 7, 46, 75, 231, 137, 164, 23, 165, 146, 34, 206, 50, 66, 179, 228, 170, 62, 217, 114, 184, 1, 95, 85, 253, 30, 35, 181, 203] }
[TRACE yubikey::transaction] going to send 38 bytes in this go
[TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: Authenticate, p1: 17, p2: 130, data: [124, 36, 130, 0, 129, 32, 153, 26, 233, 128, 4, 156, 65, 216, 110, 159, 11, 59, 208, 155, 54, 17, 174, 123, 207, 22, 79, 162, 220, 42, 193, 225, 88, 85, 139, 239, 93, 127] }
[TRACE yubikey::transaction] >>> [0, 135, 17, 130, 38, 124, 36, 130, 0, 129, 32, 153, 26, 233, 128, 4, 156, 65, 216, 110, 159, 11, 59, 208, 155, 54, 17, 174, 123, 207, 22, 79, 162, 220, 42, 193, 225, 88, 85, 139, 239, 93, 127]
[TRACE yubikey::apdu] <<< Response { status_words: SecurityStatusError, data: [] }
[ERROR yubikey::transaction] failed sign command with code 6982
Error: Error while communicating with YubiKey: authentication error

[ Did this not do what you expected? Could an error be more useful? ]
[ Tell us: https://str4d.xyz/age-plugin-yubikey/report              ]

jason-yost-jamf avatar Jul 18 '22 12:07 jason-yost-jamf