Error connecting to YubiKey being in new combined mode OTP+CCID+U2F
Plugin for Keepass2 to add Yubikey challenge-response capability
Brought to you by:
brush701
Menu
▾
▴
#12 Error connecting to YubiKey being in new combined mode OTP+CCID+U2F
Starting from the latest NEO manager application (v1.0.0) there's a possibility to enable all three modes in a row: OTP+CCID+U2F. But when I do so, KeeChallenge fails to authenticate. When I roll back to OTP+CCID only, everything works fine.
The symptoms are as follows: I get an "Error connecting to YubiKey" error windo, which then loops if I press the retry button, until I click the cancel button. After that the KeePass login window comes back.
Environment
KeePass 2.28
KeeChallange 1.2
Windows 7 x64
Yubikey NEO v3.3
As I also just posted under Discussions, what ended up solving the problem for me was updating the yubico-personalization library to the latest version available from https://developers.yubico.com/yubikey-personalization/Releases/
I did try this, however I'm still not able to get KeePass to connect in either OTP+U2F or OTP+CCID+U2F modes. KP will only accept the key in OTP-only mode. I also updated NEO Manager to 1.1.0, and the Personalization tool to the current latest. Any other suggestions?
Hi guys,
I'm having the same problem as Mike, specifically trying to use OTP+U2F. I've updated the yubikey libraries to 1.16.2.
Perhaps Mibar or niceuser could describe if they did anything more than copy the updated library files:
libjson-0.dll
libjson-c-2.dll
libykpers-1-1.dll
libyubikey-0.dll
to the appropriate 32bit/64bit directories under the Keepass.exe directory?
OTP alone works perfectly fine.
I'm on Windows 7-64, Yubikey Neo 3.3.0, Keepass 2.28, KeeChallenge 1.2. I'm using slot-2 on the Yubikey.
I've also posted this in the discussion forum.
Guys, just a status update at this point. I'm aware that there's a problem here, but I don't have my hands on a yubikey with 3.3 firmware yet. Thanks to a generous donation from Mike I've purchased one and it should be here soon. Once I get my hands on it I should be able to debug this problem quickly. Sorry for the inconvenience.
I got the yubikey yesterday and have been working to resolve this. I'm having difficulty replicating the behavior you are all seeing. The closest I got was a completely fresh install of keepass/keechallenge on a win7x64 machine. In that configuration, I got the "unable to connect" error, but updating the yubico libraries to v1.16.2 fixed it. The procedure for updating is just to copy the new libraries into the "32 bit" and "64 bit" directories appropriately. For me, only the 64 bit libraries were needed, but it's a good idea to update the 32 bit ones as well. Keepass is a .NET application and can run in 32 or 64 bit mode on demand. There's a chance that something could cause it to run as 32 bit, requiring the updated 32 bit libraries. I'm going to push a new version of keechallenge momentarily that will include the most recent yubikey libraries.
All that said, it looks like you have all done this and are still seeing the problem. Here is the configuration I've successfully tested on both Win7 and Win8.1 64 bit:
Yubikey Neo firmware 3.3.0
yubikey-personalization library 1.16.2
Keepass 2.28
Keechallenge 1.2
Slot 2 programmed for HMAC-SHA1 challenge response, fixed length
As far as I can tell, this mirrors your configurations quite closely. Can any of you see something I'm missing on that front? I'm really hoping to get this resolved for you.
Glad to hear you got the YubiKey!
Just loaded up 1.3 with the updated libs in Windows8 x64, and it works in all the places I normally use it: KeePass, KeePass2Android (via NFC), and it recognizes perfectly as a U2F device on my Google account.
I'm on Win7 x86 at work - I'll try it there on Friday with the same build (I run KeePass from Google Drive).
Thanks for jumping on this!
1.3 works well, thank you!
Ben, you've done an amazing job of looking into this problem even over the Christmas period.
The new version 1.3 worked for me perfectly. I tried a couple of different machines and some different Yubikeys in different modes and all were fine. Having two Yubikeys installed at the same time can be problematic, but think that might just be for the user to sort out!
Perhaps (?) when I had previously updated the libraries manually I missed some files. I know I was focussing on the 64bit version and it seems .NET might have been running in 32bit mode even though I'm on Win7-64.
Either way, the 1.3 version with the new libraries incorporated into it works great.
Thank you!!