Comments (7)
It didn't work for me (even after enabling the policy and rebooting)
from wincryptsshagent.
Are you using the Yubico MiniDriver for your key or the default Windows card services driver? Check your Device Manager and see how the key is listed.
from wincryptsshagent.
https://www.yubico.com/authentication-standards/smart-card/
YubiKey smart card minidriver
The YubiKey Smart Card Minidriver provides additional smart functionality; certificate and PIN management via the native Windows user interface, support for ECC key algorithms, set touch policy for private key use.
Minidriver for Windows OS
A Minidriver for the Windows OS that allows smart card management in the native Windows interface and adds support for ECC key algorithms. Download the YubiKey Smart Card Minidriver from our downloads page.
from wincryptsshagent.
Please try to use RSA2048 instead of ECCP384 to generate key pairs and certificates. Some settings may cause the ECC certificate to be unusable.
See also:
- https://docs.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration
- https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.SmartCard::EnumerateECCCerts
from wincryptsshagent.
Ran into this today as well, created a PR #44 to add a note about this in the documentation. After enabling ECC keys it worked.
from wincryptsshagent.
@dschaper The default I think, I didn't install anything from Yubico, except ykman
(it's a fresh Windows install)
from wincryptsshagent.
Same Issue here.
```
PS C:\Users\GottZ> yubico-piv-tool.exe -a status
Version: 5.2.7
Serial Number: 12509791
CHUID: No data available
CCC: No data available
Slot 9a:
Algorithm: ECCP384
Subject DN: CN=SSH key
Issuer DN: CN=SSH key
Fingerprint: 1e39e4d7562a984d7f82f60638bcb2e2db83f9a4a7c39a369b30053de22c2518
Not Before: Sep 23 09:55:54 2021 GMT
Not After: Sep 23 09:55:54 2022 GMT
PIN tries left: 3
PS C:\Users\GottZ> ykman piv info
PIV version: 5.2.7
PIN tries remaining: 3
Management key algorithm: TDES
Management key is stored on the YubiKey, protected by PIN.
CHUID: No data available.
CCC: No data available.
Slot 9a:
Algorithm: ECCP384
Subject DN: CN=SSH key
Issuer DN: CN=SSH key
Serial: 16774689833571667083
Fingerprint: 1e39e4d7562a984d7f82f60638bcb2e2db83f9a4a7c39a369b30053de22c2518
Not before: 2021-09-23 09:55:54
Not after: 2022-09-23 09:55:54
PS C:\Users\GottZ> ssh-add -s "C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll"
Enter passphrase for PKCS#11:
Could not add card "C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll": agent refused operation
```

`certmgr.msc` doesn't list the key either.
`EnumerateECCCerts` is set to 1
device manager lists it properly as smartcard
I'm on Windows 11 Pro
OpenSSH is not started. I can't get `libykcs11.dll` to work with it either.
I have no problems using this key with PIV on a native Archlinux installation.
`ssh-add -L` should spit out my `ecdsa-sha2-nistp384` key from the yubikey but does not.
I do have gpg4win installed but no daemon is running right now.
from wincryptsshagent.
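A way to check the two conditions this thread keeps returning to: whether the EnumerateECCCerts policy value is actually set, and whether an ECC certificate appears in the current-user personal store that certmgr.msc displays. This is an added example, not code from the thread or from WinCryptSSHAgent; the registry path is the standard location of the smart card Group Policy setting, and the function names are hypothetical.

```powershell
# Added diagnostic example; function names are hypothetical.
# Standard Group Policy location for the smart card ECC enumeration setting.
$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider'
$eccKeyOid  = '1.2.840.10045.2.1'   # id-ecPublicKey

function Get-EccEnumerationPolicy {
    # $true only when the EnumerateECCCerts value exists and equals 1.
    $prop = Get-ItemProperty -Path $policyPath -Name 'EnumerateECCCerts' `
                             -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.EnumerateECCCerts -eq 1)
}

function Get-PersonalCertSummary {
    # One row per certificate in CurrentUser\My (the store certmgr.msc shows).
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            KeyAlgorithm  = $_.PublicKey.Oid.FriendlyName
            KeyOid        = $_.PublicKey.Oid.Value
            HasPrivateKey = $_.HasPrivateKey
            NotAfter      = $_.NotAfter
        }
    }
}

$eccEnabled = Get-EccEnumerationPolicy
$certs      = @(Get-PersonalCertSummary)
$eccCerts   = @($certs | Where-Object { $_.KeyOid -eq $eccKeyOid })

Write-Output "EnumerateECCCerts set to 1: $eccEnabled"
$certs | Format-Table Subject, KeyAlgorithm, HasPrivateKey, NotAfter -AutoSize |
    Out-String | Write-Output

if (-not $eccEnabled) {
    Write-Output 'Policy value is not 1; the thread reports ECC keys working after it was enabled.'
} elseif ($eccCerts.Count -eq 0) {
    Write-Output 'Policy is set, but no ECC certificate is present in CurrentUser\My.'
} else {
    Write-Output "ECC certificates visible in CurrentUser\My: $($eccCerts.Count)"
}
```

The second branch matches the last report above (policy set to 1, key absent from certmgr.msc), which points away from the policy and toward the driver question raised earlier in the thread.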