1

I've got a pretty basic password/OTP setup on macOS:

  • my YubiKey has the sig/aut/enc subkeys to encrypt/decrypt my passwords in the password store
  • my OTPs are solely on my YubiKey - I use the YubiKey Authenticator macOS app to generate them

This setup works pretty well except for some weird issues:

  • if I insert the YubiKey and generate an OTP via the YubiKey Authenticator, I can't decrypt passwords anymore as the gpg-agent/pinentry doesn't recognize the card anymore.
  • if I insert the YubiKey and unlock the card to decrypt a password, the YubiKey Authenticator app no longer recognizes the YubiKey.

This results in having to unplug/plug in the YubiKey several times daily, which is annoying.

Any tips on where the issue could come from?

3
  • 1
    I forget what Yubico application it is, but at least one doesn't play nice with gpg and once the YubiKey is recognized in one, it can't be recognized in the other. I can't recall if it's Authenticator or not.
    – JW0914
    Commented Dec 2, 2023 at 11:59
  • Thanks for the answer! So this is a common thing then? I don't want to leave GPG for my passwords but I also don't want to add the OTPs directly into my password store.
    – tpschmidt
    Commented Dec 3, 2023 at 13:15
  • I don't recall the specific Yubico GUI program, but one of them results in either the Yubico application having access to the hardware key or gpg having access to the hardware key, but not both (I don't know if it's the Yubico Authenticator, but it is one of the GUI apps, as the Yubico CLI apps don't create access issues that I've found).
    – JW0914
    Commented Dec 3, 2023 at 13:30
