
Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android

Home Page: https://developers.yubico.com/yubioath-flutter/

License: Apache License 2.0

Python 6.04% C++ 1.44% Shell 0.70% CMake 1.05% C 0.08% Kotlin 15.03% Dart 75.36% Batchfile 0.05% Swift 0.10% Ruby 0.07% PowerShell 0.07%
yubikey oath totp fido flutter

yubioath-flutter's Introduction

Yubico Authenticator for Desktop and Android


Store your unique credential on a hardware-backed security key and take it wherever you go from mobile to desktop. No more storing sensitive secrets on your mobile phone, leaving your account vulnerable to takeovers. With the Yubico Authenticator you can raise the bar for security.

  • The Yubico Authenticator will work with any USB or NFC-enabled YubiKey

The Yubico Authenticator securely generates a code used to verify your identity as you are logging into various services. No connectivity needed!

Features include

  • Secure - Hardware-backed strong two-factor authentication with secret stored on the YubiKey, not on your phone or computer

  • Portable - Get the same set of codes across our other Yubico Authenticator apps for desktops as well as for all leading mobile platforms

  • Flexible - Support for time-based and counter-based code generation

  • USB or NFC usage - Insert the YubiKey into the USB port, or use the YubiKey with NFC with a mobile phone that is NFC-enabled or a desktop NFC reader to store your credential on the YubiKey

  • Easy Setup - QR codes available from the services you wish to protect with strong authentication

  • User Presence - Require a touch on the YubiKey sensor to generate new codes for sensitive accounts

  • Compatible - Secure all the services currently compatible with other Authenticator apps

  • Versatile - Support for multiple work and personal accounts

Experience security the modern way with the Yubico Authenticator. Visit https://yubico.com to learn more.

Note
Yubico Authenticator 6 uses a new codebase built using the Flutter framework. The previous Qt codebase can be found in the legacy branch.

Supported platforms

Supported - these are platforms we build and test on and commit to supporting.

Best-effort - the app is expected to work, but development is supported through community testing and full functionality cannot be guaranteed.

Platform   Supported                     Best-effort
Windows    Windows 10 & above, x64       Windows 10 & above, x64
macOS      macOS 11 (Big Sur) & above    macOS 10.15 (Catalina)
Linux      Ubuntu 22.04 & above          Ubuntu 20.04 (or equivalent)
Android    Android 11 & above            Android 5 (Lollipop)

Installation

Downloads for all supported operating systems are available here.

Linux

On Linux platforms you will need pcscd installed and running to be able to communicate with a YubiKey over the SmartCard interface. Additionally, you may need to set permissions for your user to access YubiKeys via the HID interfaces. The relevant permissions are described here.

For some configurations running Wayland, copying an OTP to the clipboard only works when the app has focus. If you are unable to reliably copy to the clipboard from the systray icon, you can use a separate binary that takes the payload on stdin by defining the environment variable _YA_TRAY_CLIPBOARD. Note that this must be an absolute path to a binary owned by root:root, and the binary should not be world-writable. For example: _YA_TRAY_CLIPBOARD=/usr/bin/wl-copy.

Note
Only use a trusted binary: OTPs will be sent to it when copied to the clipboard from the systray!
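A pre-flight check for the three rules stated above (absolute path, owned by root:root, not world-writable), as an added example that is not part of the project's code. The function name `check_clipboard_helper`, the injectable `stat_fn` and the sample metadata are assumptions made for illustration; how the app itself enforces these rules is not shown on this page.

```python
import os
import stat
import sys
from types import SimpleNamespace

ENV_VAR = "_YA_TRAY_CLIPBOARD"  # variable name taken from the README text above


def check_clipboard_helper(path, stat_fn=os.stat):
    """Return a list of problems; an empty list means all three rules hold.

    stat_fn is injectable (hypothetical parameter) so the rules can be
    exercised with constructed metadata, without needing root.
    """
    if not path or not os.path.isabs(path):
        return ["not an absolute path"]
    try:
        # os.stat follows symlinks, so the verdict is about the real target,
        # which is the file that would actually receive the OTP on stdin.
        st = stat_fn(path)
    except OSError as exc:
        return [f"cannot stat: {exc.strerror or exc}"]

    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if (st.st_uid, st.st_gid) != (0, 0):
        problems.append(
            f"owned by {st.st_uid}:{st.st_gid}, expected 0:0 (root:root)"
        )
    if st.st_mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def fake_stat(mode, uid, gid):
    """Build a stat_fn that returns constructed metadata for any path."""
    return lambda _path: SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)


if __name__ == "__main__":
    configured = os.environ.get(ENV_VAR)
    if configured:
        # Check the value that is really set in this environment.
        issues = check_clipboard_helper(configured)
        print(f"{ENV_VAR}={configured}: {'; '.join(issues) or 'OK'}")
        sys.exit(1 if issues else 0)

    # Constructed samples: (path, metadata) pairs, not taken from a real system.
    samples = [
        ("wl-copy", None),
        ("/usr/bin/wl-copy", fake_stat(0o100755, 0, 0)),
        ("/usr/bin/wl-copy", fake_stat(0o100757, 0, 0)),
        ("/home/user/bin/copy", fake_stat(0o100755, 1000, 1000)),
    ]
    for sample_path, fn in samples:
        issues = check_clipboard_helper(sample_path, fn or os.stat)
        print(f"{sample_path}: {'; '.join(issues) or 'OK'}")
```

Run with `_YA_TRAY_CLIPBOARD` set to check the configured value; the exit status is non-zero when any rule fails.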

Command line interface

Looking for a command line option? Try our YubiKey Manager CLI tool.

iOS

The iOS version of this app is available here.

Build instructions (for developers)

Instructions on building and packaging the app are available here.

yubioath-flutter's Issues

Yubikey Neo-n is not detected on both my Macs

The application just says Insert a Yubikey...
The personalization tool correctly reports that my key is present.
FYI slot 2 of the key is not configured

I tried to run the osx-patch-ccid script to solve the issues but the output tells me that everything was already set up correctly... (I've rebooted the system as suggested in the documentation)

Secondly I ran:
brew install python
brew install pyside
pip install PyInstaller
pip install pycrypto
pip install pyscard
But since I installed the packaged version I assume this was not a necessity...

Could I enable any logging to find out more about the issue or do you have any clue how to solve this?

Thx!

PySide 'not found' error when PySide is installed.

See below:

~> yubioath-cli
Traceback (most recent call last):
  File "/usr/bin/yubioath-cli", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3084, in <module>
    @_call_aside
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3070, in _call_aside
    f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3097, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 651, in _build_master
    ws.require(__requires__)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 952, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 839, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'PySide' distribution was not found and is required by yubioath-desktop

PySide is installed:

~> ls -1 /usr/lib/python2.7/site-packages/PySide/* 

/usr/lib/python2.7/site-packages/PySide/__init__.py
/usr/lib/python2.7/site-packages/PySide/phonon.so
/usr/lib/python2.7/site-packages/PySide/QtCore.so
/usr/lib/python2.7/site-packages/PySide/QtDeclarative.so
/usr/lib/python2.7/site-packages/PySide/QtGui.so
/usr/lib/python2.7/site-packages/PySide/QtHelp.so
/usr/lib/python2.7/site-packages/PySide/QtMultimedia.so
/usr/lib/python2.7/site-packages/PySide/QtNetwork.so
/usr/lib/python2.7/site-packages/PySide/QtOpenGL.so
/usr/lib/python2.7/site-packages/PySide/QtScript.so
/usr/lib/python2.7/site-packages/PySide/QtScriptTools.so
/usr/lib/python2.7/site-packages/PySide/QtSql.so
/usr/lib/python2.7/site-packages/PySide/QtSvg.so
/usr/lib/python2.7/site-packages/PySide/QtTest.so
/usr/lib/python2.7/site-packages/PySide/QtUiTools.so
/usr/lib/python2.7/site-packages/PySide/QtWebKit.so
/usr/lib/python2.7/site-packages/PySide/QtXmlPatterns.so
/usr/lib/python2.7/site-packages/PySide/QtXml.so
/usr/lib/python2.7/site-packages/PySide/_utils.py

Installed via the following AUR package. Another user has noted the same issue here as well.

https://aur.archlinux.org/packages/yubico-yubioath-desktop-git/

yubioath: cannot import name qt_resources

$ yubioath                   
Traceback (most recent call last):
  File "/bin/yubioath", line 3, in <module>
    from yubioath.gui import main
  File "/usr/lib/python2.7/site-packages/yubioath/gui/__init__.py", line 27, in <module>
    from . import qt_resources
ImportError: cannot import name qt_resources

Commenting out from . import qt_resources from yubioath/gui/__init__.py fixes the issue.

Start in tray/minimized

Is there a way to start the program minimized or in the tray? I was looking around everywhere but couldn't find one.

It would be great if you could include a checkbox in the settings or a start parameter to have it in the tray on startup.

Feature requests / bug reports.

Yubico support suggested that I submit this directly to github.


I have some (hopefully minor) requests for and would like to report some possible bugs in the Yubico Authenticator windows client. Most of this is UI stuff.


Background:

I am using Yubico Authenticator 0.1.1 WINDOWS version in Windows 7 64-bit.
My Yubikey Neo serial # is 300xxxx and it has been configured as [HID+CCID with touch-eject].
Slot 1: YubiOTP
Slot 2: OATH secret for my Google account (using YubiTOTP)
Other credentials: OATH secret for Google account is also stored in YubiOATH applet.


Feature requests to consider:

  1. An option or hardcoded setting to limit the time (e.g. 5 minutes) and/or the number of waves of OTPs (e.g. 10 waves) that are generated after entering the pin/password. Then discard the current session with the Yubikey NEO and close the window. Require the user to re-enter the pin/password and then re-authenticate with the Yubikey Neo.

Because there is no physical interaction required to generate these codes from a device that might stay plugged in most of the time, I think this kind of change would be wise to reduce the ability to compromise codes from an unattended session/screen.

  2. Also or alternately make the window close [X] discard the current session and require pin/password re-authentication.

3. The warning dialog box (see below) should auto-clear once the yubikey neo is inserted, and the password dialog box should immediately be brought up.

Warning: No Yubikey NEO detected

No Yubikey NEO found. Please plugin your Yubikey NEO in one of your USB port

OK


Possible bugs:

  1. Unlike other windows/dialogs, bringing up the password dialog removes the yubikey authenticator from the systray. Especially confusing if the password dialog ends up behind some other window, which happens in windows from time to time. The first few times this happened, I thought that the process exited, when in fact, it was still running behind other apps. Note: exiting the password dialog already restores the icon.
  2. A right-click/show-codes action should bring the Yubico Authenticator main/codes window to the front if it is already open. Double-click on the system tray icon already does this correctly, but right-click/show-codes does not.
  3. After removing the yubikey neo and double-clicking, the warning dialog box is sometimes generated behind other windows.
  4. After removing the yubikey neo and double-clicking, the warning dialog box is sometimes generated in front of other windows, but does not have focus.
  5. The above two items sometimes occur with the password dialog box as well.
  6. The main window gets renamed from "Yubico Authenticator" to "Authenticator Authenticator" after closing and re-opening it.
  7. Sometimes after inserting the yubikey neo after a warning that the yubikey is not inserted, the application will recognize the reinserted yubikey neo enough to ask for the password, but then after entering the password, it again gives the warning instead of opening the Yubico Authenticator dialog. Apparently at this point the only solution is to both quit the program and remove and reinsert the yubikey neo. Looking at the github history, it may be the case this item is being worked on already.

Thanks,
Brendan

PS - I know the window/dialog stack order and window/dialog focus stuff doesn't always work as documented in windows, so I feel your pain on that. :) Also, I'm really looking forward to the new FIDO U2F support on your to be released/new devices soon.

Systray Icon in Xubuntu 15.10 Beta2 Super Big

The systray icon in Xubuntu 15.10 Beta 2 is super big:

xubuntu15 10beta2_systray

This behavior only started today, it was fine after I first installed the application. I'm not sure what changed or how to get it back to normal size.

Fails to recognize Yubikey NEO despite osx-patch-ccid

I installed Yubico Authenticator 2.1.0 via the official OS X installer without incident. It launches properly, but doesn't recognize my Yubikey NEO. I hunted around, found the README, downloaded osx-patch-ccid, ran the patch, and restarted. Still no luck.

When I run osx-patch-ccid, I get this output:

Patching file: /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
Yubico Yubikey NEO OTP+CCID already present, skipping...
Yubico Yubikey NEO CCID already present, skipping...
Yubico Yubikey NEO U2F+CCID already present, skipping...
Yubico Yubikey NEO OTP+U2F+CCID already present, skipping...
Yubico Yubikey 4 CCID already present, skipping...
Yubico Yubikey 4 OTP+CCID already present, skipping...
Yubico Yubikey 4 U2F+CCID already present, skipping...
Yubico Yubikey 4 OTP+U2F+CCID already present, skipping...
Saving file: /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
Patching complete!

This seems to suggest everything is ok, but the app still doesn't work. What am I missing here?

System:
OS X 10.10.3
Mid 2012 MacBook Pro
Python 2.7.9 :: Anaconda 2.2.0 (x86_64)

Credential name encoding issues

When the credential name in a QR code is URL encoded (e.g. for Google TOTP), Yubico Authenticator fails to decode it (for example : and @). Example: Google%3Ahenrik%40yubico.com
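A sketch of label decoding for the case reported above, as an added example that is not the project's parser. The names `OtpAuth` and `parse_otpauth` and the secret value are constructed for illustration; the label is percent-decoded before it is split, so `%3A` and a literal `:` give the same issuer and account.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote, urlsplit


@dataclass
class OtpAuth:
    oath_type: str  # "totp" or "hotp"
    issuer: str     # may be empty when neither label nor query carries one
    account: str
    secret: str     # base32 text exactly as given in the URI


def parse_otpauth(uri):
    """Parse an otpauth:// URI as found in a provisioning QR code."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth:// URI")
    oath_type = parts.netloc.lower()
    if oath_type not in ("totp", "hotp"):
        raise ValueError(f"unsupported type: {oath_type!r}")

    # Percent-decode the whole label first. Splitting the raw text on ":"
    # would miss "%3A" and leave "%40" in the displayed account name.
    label = unquote(parts.path.lstrip("/"))
    if not label:
        raise ValueError("missing label")

    params = parse_qs(parts.query)  # parse_qs percent-decodes the values
    secret = params.get("secret", [""])[0]
    if not secret:
        raise ValueError("missing secret")

    prefix, sep, rest = label.partition(":")
    if sep:
        # "issuer:account" form; spaces after the colon are allowed.
        issuer, account = prefix, rest.lstrip(" ")
    else:
        # No issuer prefix: fall back to the optional issuer parameter.
        issuer, account = params.get("issuer", [""])[0], label
    return OtpAuth(oath_type, issuer, account, secret)


if __name__ == "__main__":
    # The label is the one quoted in the report; the secret is constructed.
    samples = [
        "otpauth://totp/Google%3Ahenrik%40yubico.com?secret=JBSWY3DPEHPK3PXP",
        "otpauth://totp/Google:henrik@yubico.com?secret=JBSWY3DPEHPK3PXP",
        "otpauth://totp/henrik%40yubico.com?secret=JBSWY3DPEHPK3PXP&issuer=Google",
    ]
    for uri in samples:
        print(parse_otpauth(uri))
```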

OS X window management

The OS X window management does not work as expected.

  1. Have Yubico Authenticator open
  2. Double click on a code to have it copied to clipboard
  3. The title bar gets weird:
    image
  4. Clicking on the Dock icon or cmd+alt switching to the Yubico Authenticator does not bring the program to the front. Using the tray icon+show credentials the window will show back up and work.

RFE: Add cli only functionality for TOTP generation?

Is it possible to add some sort of CLI only functionality for generating TOTP codes? I don't need the GUI/systray functionality and I'm having a hard time getting PySide to run in RHEL7.

I wrote a quick PoC and it seems to work fine on RHEL7:

[jyundt@rhel7 yubicoauthenticator]$ python yubico_authenticator_cli.py 
Failed to load symbol for: SCardCancelTransaction, /lib64/libpcsclite.so.1: undefined symbol: SCardCancelTransaction!
list of readers
<function readers at 0x7f42c7080140>
using reader
Yubico Yubikey NEO OTP+CCID 00 00
Password: 
success
github.com/jyundt  => ######
[jyundt@rhel7 yubicoauthenticator]$ 

Can't install Yubioath on Windows 8.1

Just tried to install latest Yubioath for Desktop version 2.1.0 (on Windows 8.1) and it's erroring out on me. The first error says "Error opening file for writing" and the file is Crypto.Cipher._AES.pyd. Ignoring that and I get more Crypto*.pyd errors. So I had to abort the install. The previous version installed without any issues. (I uninstalled the previous version but didn't do a reboot.) See attached screen shot. Please let me know if you need more info. Thanks!
yubicoauthenticator install bug

Does not start on OSX 10.9.5

Not sure if this is specific to the OS version or not, but I am testing on 10.9.5.

EDIT: Looks like it does work on 10.10.1.

I downloaded and installed yubioath-desktop-2.1.1-mac.pkg from https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-2.1.1-mac.pkg .

When I open the app, it immediately closes. If I run it via terminal, I get the following output:

[/Applications/Yubico Authenticator.app/Contents] ./MacOS/yubioath
Traceback (most recent call last):
  File "<string>", line 8, in <module>
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/yubioath.gui.main", line 242, in main
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/yubioath.gui.main", line 113, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/yubioath.gui.controller", line 183, in __init__
Exception in thread Thread-2:
Traceback (most recent call last):
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/threading", line 810, in __bootstrap_inner
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.CardMonitoring", line 158, in run
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.CardRequest", line 59, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCCardRequest", line 81, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCContext", line 53, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCContext", line 40, in __init__
EstablishContextException: 'Failure to establish context: Service not available.'

  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/yubioath.gui.ccid", line 135, in observe_reader
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/yubioath.gui.ccid", line 87, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.System", line 41, in readers
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.reader.ReaderFactory", line 58, in readers
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCReader", line 107, in readers
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCContext", line 53, in __init__
  File "/Users/dain/yubioath-desktop/yubioath-desktop-2.1.1/build/tmp23K3iS/out00-PYZ.pyz/smartcard.pcsc.PCSCContext", line 40, in __init__
EstablishContextException: 'Failure to establish context: Service not available.'
QThread: Destroyed while thread is still running

The only reference I can find to this string online is in Yubico/python-u2flib-host#1

This is with a YubiKey Edge. The YubiKey Personalization Tool does run.

No Yubikey NEO found - in ubuntu 14.04

It seems as if the application can not find the device.
Each time I click "Show Code" a message box with a warning about no Yubikey is shown.

Output in console window

'NoneType' object has no attribute '_cmd_ok'
'Failure to establish context: Service not available.'

Output from lsusb

$ sudo lsusb
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 007 Device 002: ID 044e:3017 Alps Electric Co., Ltd BCM2046 Bluetooth Device
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 004: ID 1050:0110 Yubico.com 
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 003: ID 05ca:183a Ricoh Co., Ltd Visual Communication Camera VGP-VCC7 [R5U870]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Fails when Yubikey NEO has all modes enabled

Hi,

New Yubikey NEO with all modes enabled (-m86 (OTP/U2F/CCID composite device))

yubikey

'''
python yubicoauthenticator/yubico_authenticator.py
'NoneType' object has no attribute '_cmd_ok'
No smartcard reader found with YubiOath applet
'''

-=david=-

systray icon goes missing in XFCE4

When ui_systray.py is run in the XFCE4 environment the system tray icon initially appears, however when 'Show Code' is selected, the systray icon disappears, although the dialog window with the codes appears as expected. When either this window is closed or a code double-clicked, the window closes, and the system tray icon also disappears. The ui_systray.py process is still running though.

On KDE the icon remains as expected.

The OS is Fedora 20 (both x86_64 and i686 builds are affected).

option to hide dock icon

Adding an option to hide the dock icon in the various OS's would be ideal. This would allow it to work better with various workflows and needs. For example, I would like to have the app running on startup, but not have the window displayed immediately nor the dock icon shown unless the credentials window is available; thereby keeping my dock and app switcher free of clutter.

Does not start in Ubuntu

Installing the current version from the PPA results in a build which will not start:
pkg_resources.DistributionNotFound: PySide

The reason is that the python-pyside package does not correctly register PySide as installed. A temporary workaround is to modify the file /usr/lib/python2.7/dist-packages/yubioath_desktop-2.2.1.egg-info/requires.txt removing the PySide line from it.

Enhancement: add option during password set/reset to also require touch to unlock.

I see from the source code that slot-based TOTP/HOTP credentials can be set to require a physical touch to unlock.

I propose adding such an option for applet-based credentials as well.

Currently, in order to unlock the applet-based OTPs, one must only enter the password. By default, this leaves the applet open and generating valid TOTP codes until the user remembers to quit the app or remove the key. Under some circumstances, it would be considered more secure to require a physical interaction for each set of codes generated. The application would continue caching the password but require a physical touch for each TOTP generation request. I understand there are some time-window issues that would need to be addressed carefully for a good user experience, of course.

If this feature would also require changes to the YubiOATH applet, I still think it's worth considering for adding the feature even if it only supported future NEO models.

Have to run linux-patch-ccid in ubuntu

It is great to have a ppa for ubuntu now! Thanks heaps!

Is it possible to change the packaging so that the linux-patch-ccid is launched automatically? After this, the installation works.

Enhancement: limit number of codes generated per session.

[This covers tightening up code-generation security a bit in the desktop authenticator w/o requiring changes to the applet/hardware.]

Preamble (cross-posted from forum):
I understand the threat model that OTPs are meant to mitigate: remote reuse of login credentials from a machine not under the control of the rightful account holder. Man-in-the-middle and/or Man-in-the-browser threats/attacks are generally out-of-scope for OTPs, but may become in-scope for certain OTP-enabled applications that require additional safeguards.

That being said, because a) the yubikeys (esp. nano/-n models) are often left in the USB port for long periods of time and b) because the desktop version of Yubico Authenticator will continuously generate TOTP codes for all accounts and c) because desktop systems can get compromised pretty easily...sum all three items together results in an opinion that leaving the code generation going on for hours/days by default is not the best default choice.

Having to remember to explicitly quit the authenticator (esp. because alt-f4 puts it in the windows system tray, continuing to generate codes) or pull out the key (which will interfere with PIV or PGP operations) seems to require a bit too much active mitigation on the part of the end user. It's not "default safe", it's "default convenient".

Enhancement suggestion (rewritten and expanded based on forum post):

  1. A local-software mitigation would be:
    • The most secure option: hard-coding a small number of consecutive code generations before the password is discarded and re-prompted for (e.g. 3 or 5), but perhaps current users will balk at this.
    • A somewhat less secure option but more secure than the "continuous by default" behavior: adding a local setting for the number of consecutive code generations. Allow 0 for continuous, perhaps, or don't because it's really not a good idea. Limit configuration to single or double digits (e.g. 0/1-9 or 0/1-99), defaulting to something reasonable such as 3 or 5.
    • The decision on the above is to find the right balance between security and UX.

  2. Also note: hardcoding a single-code-before-re-locking is not recommended with the current model due to 30-second-window timing issues, so "1" being hardcoded would probably not work well. Though, perhaps if "1" is chosen (for either option above), the code could delay the single request until the beginning of the use window?

  3. And lastly, if there's a countdown of number of tries, it could be added to the code-display dialog box.

Thanks for the consideration.
Brendan

Using with gpg-agent

I use my Yubikey NEO as GPG-key (mostly for SSH authentication) and with yubioath-desktop, however, when the key is in use by gpg-agent, Yubico Authenticator says "YubiKey already in use!".

Is there a way to get around this? It is kind of annoying to physically unplug/plug the Yubikey pretty much every time I should use it.

(Sorry if this is not the appropriate forum for this kind of questions)

option to run as standalone application

Perhaps I'm in the minority of people who don't run a systray on Linux, but it would be nice to have an option to run yubioath as a standalone application. The default could certainly be to launch in the systray, but if something like python ui_systray.py --no-systray was run, it would behave as its own application. I've hacked together a command line version which displays the name and code (which might be another feature request), but it isn't a perfect solution.

pkg_resources.DistributionNotFound: PySide

A pkg_resources.DistributionNotFound: PySide occurs if you try to launch yubioath

Full Error:

Traceback (most recent call last):
  File "/usr/local/bin/yubioath", line 4, in <module>
    import pkg_resources
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2749, in <module>
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 446, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 459, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 628, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: PySide

Don't really know where the fault is now, but maybe others have the same problem and are interested in the workaround.

Reproduce

  1. Install yubioath-desktop deb from the ppa
  2. This should install the dependencies python-pyside.qtgui and python-pyside.qtnetwork
  3. pyside must not be installed through pip
  4. run cmd yubioath
  5. The error above is printed and the app exits.

Workaround

Determine your pyside version. For example with /usr/lib/python2.7/dist-packages/PySide/__init__.py.
Create a text file /usr/lib/python2.7/dist-packages/PySide-1.2.1-py2.7.egg-info with:

Metadata-Version: 1.0
Name: PySide
Version: 1.2.1
Summary: UNKNOWN
Home-page: UNKNOWN
Author: UNKNOWN
Author-email: UNKNOWN
License: UNKNOWN
Description: UNKNOWN
Platform: UNKNOWN

After that, yubioath starts normally. Of course you can also install pyside with pip. Source

Environment

  • yubioath-desktop 2.0.1 EDIT 2.0.2 (It was always 2.0.2 sry I did not look correctly)
  • Ubuntu 14.04
  • pyside 1.2.1 from standard ubuntu repos
  • python 2.7

lkrelntibuurhh

Sorry... a usb device of mine did this issue by mistake

YubiKey Edge fails to be recognized

Steps to recreate:

  1. Insert a YubiKey Edge into USB port (firmware version is 4.1.6).
  2. Use Yubico Authenticator to program slot 2 for 6 digit TOTP, manually entering secret key.
  3. Click OK.
  4. When prompted to overwrite the credential stored in slot 2, click OK. (I had already deleted the configuration in slot 2, why am I being prompted for this? Is this just precautionary?)
  5. When returned to the main Authenticator window, I'm prompted to Insert a YubiKey.

Pulling out the key and reinserting it does nothing. It appears the configuration of the Edge isn't saved.

On a different note, it would be nice to be able to copy the secret key into the field in the application. Do you want me to create a new issue as an Enhancement request?

Possible to require a tap before giving up the code?

Is it possible to require the user to tap the yubikey (neo in this case) before the tokens are given?

I'm working on a branch of this repo that introduces a nice easy to use command line tool (to help with automation around cli-based TOTP) and I wondered if it would be possible for me to implement this, and if so, how (roughly) I'd go about it?

Bundle yubioath-cli with installers

PyInstaller currently only adds a single executable for the project. It would be nice to work around this to provide yubioath-cli to users of the installers (Windows, OS X) as well.

yubioath-desktop fails to detect Yubikey NEO

I'm having a consistent problem that appears to be a bug in yubioath-desktop-0.1.1.exe on Windows 8.1 x64.

If the exe is launched before the NEO is inserted then everything works perfectly. If the exe is already running when the NEO is inserted it fails to detect the NEO (even if it was previously launched whilst the NEO was connected). Reproducible every time in my environment.

Windows: Installer/Uninstaller fails if application is running.

Since the application stays running in the system tray upon closing the window by default, it is quite easy to overlook when attempting to run the uninstaller, or running the installer of a later version. The uninstaller fails to remove files that are in use, but does not notify the user that these files are left behind. The installer will complain that it cannot overwrite files that are in use, but give no indication of how to solve the problem.

Both the installer and uninstaller should check for running instances of the application, and close them if needed.

[Linux] Yubikey not found after activating U2F Module

Brief

The Show Code operation from the systray will fail with No Yubikey NEO found. Please plugin your Yubikey NEO in one of your USB port. This occurs since I activated the U2F Module in my Yubikey NEO.

Reproduce

  1. Plug In your Yubikey

  2. lsusb should find your yubikey: Bus 001 Device 012: ID 1050:0116 Yubico.com

  3. Start python2 ./yubicoauthenticator/ui_systray.py. The Yubico Tray icon should appear in the tray without errors.

    3.a Alternative: plug in your yubikey here instead in Point 1.
    3.b lsusb should find your yubikey: Bus 001 Device 012: ID 1050:0116 Yubico.com

  4. A message box with No Yubikey NEO found. Please plugin your Yubikey NEO in one of your USB port. appears

  5. On Console the following will be printed:

    'NoneType' object has no attribute '_cmd_ok'
    No smartcard reader found with YubiOath applet
    

    5.a Alternative message on the VM Machine:

    'NoneType' object has no attribute '_cmd_ok'
    'Failure to establish context: Service not available.'
    

Notes

  • yubioath-desktop still working on windows 8.1 x64 on the same machine
  • The Linux version of yubioath-desktop worked before activation of the U2F module. I'm not 100% sure if this is related, since I activated the U2F module on Windows and only used Windows for a long time afterwards.
  • The Yubikey Personalization Tool correctly detects the yubikey

Environment

Linux environment

  • Ubuntu 14.04
  • yubioath-desktop 0.1.1

VM Linux environment

  • Ubuntu 14.04
  • yubioath-desktop 0.1.1
  • cleaner and fresher than the other environment

TOTP Secret length limitation

There seems to be a length limitation on the secret the app can handle.

Description

GitLab.com generates a secret with 80 characters.
If I try to add an account with this secret, the Add New Account dialog and the main window simply close and do nothing.
So is there any length limitation? 80 characters is much more than normal length, but I don't know if this breaks any standard. Well, Google Authenticator and FreeOTP have no problems. So is this a memory problem of the YubiKey, or does yubioath-desktop simply assume a false maximum length of the secret?

Reproduce

  1. Click on Add Account
  2. Enter any name
  3. Enter a long valid secret (for example 80 characters. I haven't tried out where the border is)
  4. Click on OK

Observed Behaviour

The Add New Account dialog and the main window close. The tray icon will not exit and is still working. The account is not added to the list.

Expected Behaviour

Only the Add New Account dialog closes and the item appears in the list.

Environment

  • Windows 8.1
  • yubioath-desktop 0.1.1
  • Yubico NEO (all three modes enabled, already eight other accounts added)
  • Linux is not tested because #15 still persists
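What an 80-character secret amounts to once decoded, as an added example that is not part of the original report or of the project's code: the secret is Base32 text, so 80 characters are a 50-byte HMAC key, which HMAC-SHA1 accepts as-is. The function names and the sample secret are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import struct


def decode_secret(text):
    """Normalise a Base32 secret as services display it; return the raw key bytes."""
    cleaned = "".join(text.split()).replace("-", "").upper().rstrip("=")
    cleaned += "=" * (-len(cleaned) % 8)  # restore the padding b32decode requires
    return base64.b32decode(cleaned)      # raises binascii.Error on invalid input


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(key, int(unix_time) // step, digits)


# Constructed 80-character secret (not a real credential): decodes to 50 bytes.
LONG_SECRET = "GEZDGNBVGY3TQOJQ" * 5

if __name__ == "__main__":
    key = decode_secret(LONG_SECRET)
    print(len(LONG_SECRET), "characters ->", len(key), "bytes")
    print("code at t=59:", totp(key, 59))
```
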

More steps needed to run in Linux (Ubuntu)

I'm using Ubuntu 14.04 LTS and you need to install some packages before it will work.

sudo aptitude install python-pyscard python-pbkdf2 python-pyside

python-pyside is a quite large install and it might be sufficient with less but with these packages it works at least.

Please update the readme

Detect NEO's with CCID disabled

CCID is disabled by default on NEO's. This can cause confusion for users of Yubico Authenticator.

Yubico Authenticator should detect that a NEO without Smart Card communication is inserted (and give the user an option to enable it). Since some users might want to just use the OTP slots (not enable CCID), there should be a "Don't show this again" checkbox in the dialog window.

See this forum topic for discussion.

Support QR code scanning somehow?

I don't know how this would work, so this is more a placeholder for future thinking. For example, how to get the QR code into the application? Drag'n'drop an image? Take a screenshot of the system and scan for QR code? A browser plugin to do it automatically on OATH-signup pages?

Must manually remove/insert yubikey to use yubico-oauth after using gpg

Example:

~> yubioath-cli

AWS                        902168
Facebook                   840704
Github                     202159
Google                     065648

~> gpg --card-status

Application ID ...: D2760001240102000006033646440000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03364644
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : http://pgp.mit.edu/pks/lookup?op=vindex&search=0xE90A401336C8AAA9
Login data .......: lrvick
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 21
Signature key ....: 387A 3684 2D5A A336 0A05  193E 8D5B 2F41 F664 44E5
      created ....: 2015-03-19 08:41:47
Encryption key....: 1F43 D8C3 9A32 F33A EC7A  6527 5301 06BD D94A 0B8A
      created ....: 2015-03-19 08:43:20
Authentication key: 7FDA 0082 EF1E 9A5B 9EB6  B63F D362 694A F189 271D
      created ....: 2015-03-19 08:45:19
General key info..: sub  rsa2048/F66444E5 2015-03-19 Lance R. Vick (Personal) <[email protected]>
sec#  rsa4096/36C8AAA9  created: 2009-05-09  expires: never     
ssb>  rsa2048/F66444E5  created: 2015-03-19  expires: never     
                        card-no: 0006 03364644
ssb>  rsa2048/D94A0B8A  created: 2015-03-19  expires: never     
                        card-no: 0006 03364644
ssb>  rsa2048/F189271D  created: 2015-03-19  expires: never     
                        card-no: 0006 03364644
ssb#  rsa4096/A649FFDA  created: 2009-05-09  expires: never     
ssb#  rsa4096/4D08A9A6  created: 2015-02-01  expires: never     

~> yubioath-cli

No YubiKey found!

Using a Neo setup with all three modes enabled via ykpersonalize -m86

gpg version for reference:

~> gpg --version

gpg (GnuPG) 2.1.7
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

When adding secret key for a YubiKey Edge, add capability to copy the key text

Enhancement request, usability improvement.

Right now, in order to add the secret key for a YubiKey Edge (or other key), you have to manually enter the key text. In order to improve the user's experience, please add the capability to copy the key into the "Secret key" field. The easiest way would be to recognize the Ctrl+V key press (or Apple+V on a Mac system). Not necessary but "nice to have" would be a "Paste from Clipboard" button, or something similar.

Support for contactless SmartCard readers

The way the Yubikey Neo is detected limits the application to USB operation, even though it is capable of contactless operation.

Currently, it only matches a hard-coded pattern against the smartcard reader name and throws an exception if none is found, but by just changing the pattern, I have it working flawlessly with the contactless reader in my laptop palmrest (Dell Latitude E6520 with the Broadcom NFC+fingerprint reader option):

READER_PATTERN = re.compile('.*(Yubikey NEO|Broadcom Corp Contactless SmartCard).*', re.I)

If possible, I would suggest matching against the card itself, and not the reader.
If not, the application should allow the user to select from any available smartcard readers before failing.
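One way to match on the card rather than the reader name, as suggested above (an added example, not the project's code): send an ISO 7816-4 SELECT for the OATH applet to every reader and keep those whose card answers with status 9000. The AID value is not given on the page and is an assumption of this example; the reader objects are constructed stand-ins that mimic pyscard's `createConnection()`, `connect()` and `transmit()` so the block runs offline.

```python
# AID of the YubiKey OATH applet: an assumption of this example, not from the page.
OATH_AID = [0xA0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01]
# ISO 7816-4 SELECT by AID: CLA=00 INS=A4 P1=04 P2=00 Lc, then the AID bytes.
SELECT_OATH = [0x00, 0xA4, 0x04, 0x00, len(OATH_AID)] + OATH_AID


def find_oath_readers(readers):
    """Names of readers whose inserted card answers SELECT OATH with SW=9000."""
    found = []
    for reader in readers:
        conn = reader.createConnection()
        try:
            conn.connect()
            _data, sw1, sw2 = conn.transmit(SELECT_OATH)
            conn.disconnect()
        except Exception:
            continue  # no card, card busy or reader error: keep probing the rest
        if (sw1, sw2) == (0x90, 0x00):
            found.append(str(reader))
    return found


# Constructed stand-ins for pyscard reader/connection objects.
class FakeConnection:
    def __init__(self, aids):
        self.aids = aids
    def connect(self):
        if self.aids is None:
            raise RuntimeError("no card in reader")
    def transmit(self, apdu):
        aid = apdu[5:5 + apdu[4]]
        # 6A82 is the ISO 7816-4 status for "application not found".
        return ([], 0x90, 0x00) if aid in self.aids else ([], 0x6A, 0x82)
    def disconnect(self):
        pass

class FakeReader:
    def __init__(self, name, aids):
        self.name, self.aids = name, aids
    def createConnection(self):
        return FakeConnection(self.aids)
    def __str__(self):
        return self.name

SAMPLE_READERS = [  # constructed reader names and card contents
    FakeReader("Yubico Yubikey NEO OTP+CCID 0", [OATH_AID]),
    FakeReader("Broadcom Corp Contactless SmartCard 0", [OATH_AID]),
    FakeReader("Constructed Reader 2", [[0xD2, 0x76, 0x00, 0x01, 0x24, 0x01]]),
    FakeReader("Constructed Reader 3", None),
]
```

With pyscard installed, the same function can be given the list returned by `smartcard.System.readers()`.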

Windows Desktop Not Working

So when I use the Windows Desktop version it doesn't give me the proper code, yet when I take the Yubikey Neo out and use it on my Android Phone it gives me the proper code. Any ideas?
