# Yubikey 5 NFC not working with yubioath-desktop, py-yubikey-manager and py-yubikey-manage-qt



## maurizio (Dec 12, 2020)

Hello all,
my *yubikey 5 NFC* is not detected by *security/ypy-yubikey-manager* (CLI) and *security/yubikey-manager-qt*  (GUI) on my FreeBSD 12.1.
`ykman-gui`and `ykman list` does not detect my yubikey!

```
$ ykman list
Usage: ykman list [OPTIONS]
Try "ykman list -h" for help

Error: Failed to establish CCID context. Is the pcscd service running?
```

My YubiKey 5 NFC is not recognized by *security/yubioath-desktop* (yubykey authenticator) too.
I read "Connecting to Yubikey..." on the yubykey authenticator window when my yubikey 5 NFC to USB port is connected to USB port. I read "No YubiKey detected" when is NOT connected.
Maybe because yubioath-desktop is not updated to at least version 5.0.3.

```
Version 5.0.3 (released 2020-04-14)
    macOS: Make the app available in the macOS App Store
    Windows: Make the app available in the Microsoft Store (for Windows 10 20.04 and higher)
    Linux: Make the app available in the Snap Store
    Add support for YubiKey 5C NFC
    Bugfix: Make sure the application is always visible on Windows
```

I get right output using `ykinfo -s -m -H -v -t -p` and `gpg --card-status`. It seems my yubikey is correctly recognized by FreeBSD but not by py-yubikey-manager-qt and yubioath-desktop

```
$ dmesg
ugen2.2: <Yubico YubiKey OTP+FIDO+CCID> at usbus2
ukbd2 on uhub2
ukbd2: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 2> on usbus2
```

What is wrong?


----------



## inaley (Dec 13, 2020)

It seems you need to set pcscd to run.

In order to keep pcscd run on start, `# sysrc pcscd_enable=yes` should do the trick (you would need to reload rc.conf by simply rebooting). I have encountered the issue, and confirmed it worked.

Hope this helps!


----------



## inaley (Dec 13, 2020)

also don't forget to install pcsc-tools!


----------



## iandstanley (Jun 9, 2021)

I have the same problem with my laptop running FreeBSD 13.0

Laptop has been rebooted a number of times since I installed all of this.


*WORKING*

ykinfo
U2F with firefox
OTP with firefox
yubikey piv tool
gpg with key stored on the Yubikey 5 card feature
everything works on my debian 10 desktop

*FAILING*

yubioath-desktop
ykman
ykman gui (3.7)
FIDO2 with firefox (U2F works though) with my Yubikey 5nfc

*pcscd up and running*

installed, running and sysrc enabled;

log output 

------
pcscd is running

when i run pcsc_scan I get the following as I insert my yubikey5
`
Using reader plug'n play mechanism
Scanning present readers...
Waiting for the first reader...   ^found one
Scanning present readers...
0: Yubico YubiKey OTP+FIDO+CCID 00 00

Wed Jun  9 00:52:37 2021
 Reader 0: Yubico YubiKey OTP+FIDO+CCID 00 00
  Event number: 0
  Card state: Card inserted,
  ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40

ATR: 3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
+ TS = 3B --> Direct Convention
+ T0 = FD, Y(1): 1111, K: 13 (historical bytes)
  TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU
    43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
  TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 15 --> Block Waiting Integer: 1 - Character Waiting Integer: 5
+ Historical bytes: 80 73 C0 21 C0 57 59 75 62 69 4B 65 79
  Category indicator byte: 80 (compact TLV data object)
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 21
        - Behaviour of write functions: proprietary
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: C0
        - Command chaining
        - Extended Lc and Le fields
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Tag: 5, len: 7 (card issuer's data)
      Card issuer data: 59 75 62 69 4B 65 79
+ TCK = 40 (correct checksum)

Possibly identified card (using /usr/local/share/pcsc/smartcard_list.txt):
3B FD 13 00 00 81 31 FE 15 80 73 C0 21 C0 57 59 75 62 69 4B 65 79 40
        Yubico YubiKey 5 NFC (PKI)
https://www.yubico.com/product/yubikey-5-nfc
`

*DMESG*

dmesg spits out the following:

`
ugen0.7: <Yubico YubiKey OTP+FIDO+CCID> at usbus0
ukbd0 on uhub0
ukbd0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 28> on usbus0
kbd2 at ukbd0
uhid0 on uhub0
uhid0: <Yubico YubiKey OTP+FIDO+CCID, class 0/0, rev 2.00/5.27, addr 28> on usbus0
`


----------



## iandstanley (Sep 1, 2021)

inaley said:


> It seems you need to set pcscd to run.
> 
> In order to keep pcscd run on start, `# sysrc pcscd_enable=yes` should do the trick (you would need to reload rc.conf by simply rebooting). I have encountered the issue, and confirmed it worked.
> 
> Hope this helps!



I'd missed the 


> `# sysrc pcscd_enable=yes`


----------

