Yubico and GnuPG interpretate the standard in different ways. While Yubico follows strictly the spec and expects the TAG encapsulating the output of GET_DATA, GnuPG expects consecutive DO in the response.

A possible workaround is to detect whether sub-DO are called (GnuPG) or management AID is called (Yubico). Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2025-12-05 19:11:21 +01:00
parent 504d90a2b3
commit 90e77f7c61
4 changed files with 44 additions and 2 deletions
--- a/src/openpgp/management.c
+++ b/src/openpgp/management.c
@@ -145,6 +145,7 @@ int man_process_apdu() {
    }
    for (const cmd_t *cmd = cmds; cmd->ins != 0x00; cmd++) {
        if (cmd->ins == INS(apdu)) {
+            is_gpg = false;
            int r = cmd->cmd_handler();
            return r;
        }