Using GlobalPlatformPro (results are similar with or without sudo), here is the result of running the following command twice:
Downloads/GlobalPlatformPro/tool on master
➜ gp -list
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: F5A9F347E33856EF
Expected: 77F785346F01911B
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys
Downloads/GlobalPlatformPro/tool on master took 2s
➜ gp -list
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: FF2B95C089165D39
Expected: 7BD935F5FAE9B80F
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys
Don’t run that command again. Bad idea, as it says.
Try GP -a apdu -v -d
➜ gp -a 00a4040006D2760001240100 -v -d
#
# gp -a 00a4040006D2760001240100 -v -d
SCardConnect("Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00", T=*) -> T=1, 3B80800101
# GlobalPlatformPro v20.07.04-2-gc360b3e
# Running on Linux 5.4.0-40-generic amd64, Java 1.8.0_252 by Private Build
A>> T=1 (4+0006) 00A40400 06 D27600012401 00
A<< (0000+2) (34ms) 9000
A>> T=1 (4+0000) 00A40400 00
A<< (0018+2) (18ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00", true) tx:17/rx:22
Oh, I meant gp -a 00a4040006D2760001240100 -v -d
Ok, great!
That means the app is responding correctly. It’s gpg having trouble.
Have you installed these packages (names for debian but should match other distributions):
pcscd scdaemon pcsc-tools
they’re needed for gpg to use smartcards.
Once installed, run pcsc_scan with your implant on the reader
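Added example, not part of the original thread: a short Python decoder for the SELECT exchange in the gp trace above. It shows that the select of D27600012401 (the OpenPGP application AID prefix) came back with status 9000, and how the ISD AID A000000151000000 is read out of the second response. The function names are this example's own; the hex strings are copied from the trace.

```python
# Added example: decode the SELECT exchange shown in the gp -v -d trace.
# All hex strings below are copied from the A>> / A<< lines in the thread.

def parse_command_apdu(hexstr):
    """Split a short-form command APDU into header, data and Le."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("APDU shorter than its 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                      # Le only, no command data
        le = body[0]
    elif body:
        lc = body[0]
        if len(body) not in (1 + lc, 2 + lc):
            raise ValueError("Lc does not match the APDU length")
        data = body[1:1 + lc]
        le = body[-1] if len(body) == 2 + lc else None
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def parse_tlv(buf):
    """Parse BER-TLV with 1- or 2-byte tags and lengths up to 255."""
    items, i = [], 0
    while i < len(buf):
        first = tag = buf[i]; i += 1
        if first & 0x1F == 0x1F:            # two-byte tag such as 9F65
            tag = (tag << 8) | buf[i]; i += 1
        length = buf[i]; i += 1
        if length == 0x81:
            length = buf[i]; i += 1
        elif length >= 0x80:
            raise ValueError("unsupported length encoding")
        if i + length > len(buf):
            raise ValueError("TLV value runs past end of buffer")
        value = buf[i:i + length]; i += length
        # bit 0x20 of the first tag byte marks a constructed (nested) object
        items.append((tag, parse_tlv(value) if first & 0x20 else value))
    return items

def decode_select_response(hexstr):
    """Return (status word, AID from tag 84 inside FCI template 6F, or None)."""
    raw = bytes.fromhex(hexstr)
    sw, aid = int.from_bytes(raw[-2:], "big"), None
    for tag, value in parse_tlv(raw[:-2]):
        if tag == 0x6F:
            aid = next((v.hex().upper() for t, v in value if t == 0x84), None)
    return sw, aid

if __name__ == "__main__":
    print(parse_command_apdu("00A4040006D2760001240100"))
    print(decode_select_response("9000"))
    print(decode_select_response("6F108408A000000151000000A5049F6501FF9000"))
```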
Yes, I had them installed. Yubikeys have been working with the Feitian R502-CL this whole time. I verified they were installed.
GlobalPlatformPro/tool/target on master took 3s
➜ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Sun Jul 12 17:08:56 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 0
Card state: Card removed,
Sun Jul 12 17:08:57 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 1
Card state: Card inserted,
ATR: 3B 80 80 01 01
ATR: 3B 80 80 01 01
+ TS = 3B --> Direct Convention
+ T0 = 80, Y(1): 1000, K: 0 (historical bytes)
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1
-----
+ Historical bytes:
+ TCK = 01 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 80 80 01 01
ISO 14443 Type B without historical bytes
Electronic Passport
Spanish passport (2012)
Canadian Passport
Venez_Prox
Sun Jul 12 17:09:11 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 2
Card state: Card removed,
-
What happens when you tap the Yubikey for pcsc-scan?
GlobalPlatformPro/tool/target on master took 23s
➜ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Sun Jul 12 17:15:16 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 0
Card state: Card removed,
Sun Jul 12 17:15:19 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 1
Card state: Card inserted,
ATR: 3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
ATR: 3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
+ TS = 3B --> Direct Convention
+ T0 = 8C, Y(1): 1000, K: 12 (historical bytes)
TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1
-----
+ Historical bytes: 59 75 62 69 6B 65 79 4E 45 4F 72 33
Category indicator byte: 59 (proprietary format)
+ TCK = 58 (correct checksum)
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
Yubikey Neo
Sun Jul 12 17:15:23 2020
Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
Event number: 2
Card state: Card removed,
-
Can you try gpg --card-edit with your implant on the reader (it won’t wait for you until you’re actually authenticating)
GlobalPlatformPro/tool/target on master took 16s
➜ gpg --card-edit
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
gpg/card> fetch
gpg: selecting card failed: No such device
gpg: error retrieving URL from card: No such device
gpg/card> help
quit quit this menu
admin show admin commands
help show this help
list list all available data
fetch fetch the key specified in the card URL
passwd menu to change or unblock the PIN
verify verify the PIN and list all data
unblock unblock the PIN using a Reset Code
gpg/card> passwd
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
gpg/card>
gpg: signal Interrupt caught ... exiting
I’ll be honest, I’ve never had that issue at all - but I use Windows for this mainly.
I’m wondering if it doesn’t even try to run the APDU select if scdaemon can’t detect it is a card with the OpenPGP app on it?
I have Windows, too. What should I try? I just hate Windows. A lot. ;^)
I use Kleopatra (installed with gpg for windows) on Windows and it seems to work pretty well.
All I want to do is put my existing PGP keys on my implant. It looks like Kleopatra dumbs things down and generates new ones. Yes, it does read the implant, but this is useless for my needs. OpenKeychain can do the same, but what good is having a one-off PGP key implanted in my arm?
This has proven to be pretty frustrating over the past few months I’ve been trying to do this. Thanks, @fraggersparks for your help so far.
ah, if you want to put existing keys on, you can use gpg on Windows cmd too - same format and sounds like it’ll work this time.
Using Windows, I was able to successfully flash my Signing and Encryption 2048 keys. For some reason, Windows refuses to accept that my Authentication subkey is valid. A Debian VM I’m using on Windows accepts the secret key (indicated by the ssb prefix to the key vs sub). Even when I replace the contents of the Windows %APPDATA%\GnuPG\ directory with the Linux version, Windows says either “no secret key” or “unusable” secret key.
What this shows me is that:
- It is possible to flash existing keys onto a Vivokey Flex One using a Feitian R502-CL on Windows if the keys are 2048 RSA.
- There’s something about the base Linux gpg app that doesn’t like the combination of wireless readers and Vivokey Flex One.
- Windows is still a steaming pile of trash.
Thanks, @fraggersparks. I can at least use this for pass and email signing on the phone, now.
@amal, for your records, a partial victory.
Ordered May 15, received today. 2 1/2 months to ship 400 mi away… That must be some kind of record
I’ll see if the R502-CLs are any good when I get back home tonite.
EDIT: and… they’re kind of shit really. Good thing they weren’t expensive. Straight to the drawer of forgotten electronics they go… The ACR-122U is still king
Update: on the Apex Flex, I have been able to flash secret keys (S, E, and A) to the PGP applet from both Windows and MacOS. If anyone needs help with flashing an existing keychain, let me know.