Android: can no longer open Yubikey-locked safes
Brought to you by:
jeffharris
Menu
▾
▴
#91 Android: can no longer open Yubikey-locked safes
Since the last update, I can no longer open my safes. I've got a Yubikey NEO, accessed via NFC. When I enter my password, hit "open", then touch my key to the phone I get
Error communicating with the YubiKey:
java.io.IOException: Unexpected SW
I can still unlock the safes fine on my Windows system, and on my Mac at work. I can also get into the YubiKey authenticator on my phone via NFC. So that rules out the safe, key or phone, leaving only the app.
Discussion
Anonymous
From the authenticator app, what version of software is on the NEO? Mine is working OK on my test Pixel and Pixel 5 phones.
Are you using the correct slot on the key? The top-right menu allows you to select. The default should be the second slot.
When using the key, do you press and hold it against the phone until the file opens? Or, is it a quick tap and remove? I get best results keeping the key pressed until the file opens, not just until the tone is heard.
The authenticator says firmware 3.5.0.
I tried changing the slot, in case that was the problem. I get some other error on the other slot.
I hold the key against the phone until the file opens or the error message appears.
Well, okay, since my reply to you is still stuck in moderation after a week, let's try after registering an account...
The firmware on the YubiKey is 3.5.0. I've tried both slots, the other one had a different error message. I press and hold until the error message appears.
Is your key setup to require a touch to use the challenge-response app on slot 2?
Yes, it's set to use touch on slot 2. I just now unlocked it using the Mac app to get my password to log in here on Sourceforge, and I use the Windows app at home, the same way.
...also I've just tried it again with my phone, and it's worked (?!?!?!). So it looks like the problem is intermittent.
e: actually, I hadn't tried this again since updating my phone, which I did yesterday. Maybe it was actually a Samsung/NFC problem, and the latest phone update fixed it?
Last edit: Yuri Habadakas 2023-09-27
...No, it's still happening :(
I'm seeing the same error on Moto G84. Android 13 (september update), PasswdSafe 6.23.3. Changing slots does not help. But the same key works reliably with Nokia XR21, also Android 13 (october update), also PasswdSafe 6.23.3.
Moto G84 also works intermittently. I can open PasswdSafe sometimes, if I move the Yubikey quickly around the back. Error message comes if I place it firmly on NFC reader. If I retry with the key before timeout, it usually tries to open the Yubico website and display the stored key.
Would either of you be able to install a test version of the app which enables some debug logging? It will log your password, so I'd recommend using a test file. Send me a direct message or email to jeffharris@users.sourceforge.net with the email address you use for your Google account on the phone so I can add you to an internal testing group.
I had the same error message on my Samsung S9. In the meantime, I have a Pixel 9 Pro and at the beginning the error was gone. Unfortunately, I have the same problem again in the meantime. Was there a solution to this?
No, there is no resolution to the issue. There is some logging that can be enabled, but it's a bit of an involved process. Another user seems to be investigating.
Same problem now:-( Things worked in the past. Older Yubikey NFC FW 3.2.0, Pixel8a, PasswdSafe 6.24.0.
Additional data point to the above, a new Yubikey 5c NFC FW 5.7.1 works with the same Pixel8a, PasswdSafe 6.24.0 just fine.
That's good to know. My older yubikey still works, so it's rough debugging this problem.
I started to see this happen approximately a month or two ago on a Pixel 7. Was absolutely fine for years on various phones up until then, and suddenly I started getting this "SW" error. It's an older USB Type A yubikey.
The NFC is working because if i scan it outside of password safe i see the key on the yubikey site
See this issue: https://github.com/jefftharris/passwdsafe/issues/27 A fix has been identified, and a release is being setup.
Fixed with 6.25.1