Windows 10: Yubikey 5 PIV Smartcard for Bitlocker on Windows 10 x64

I cannot get Windows 10x64 to use the smartcard on Yubikey 5 for bitlocker on non-system drives. "No Valid Certificates Were Found on This Smart Card" comes when I try to turn on bitlocker - this happens immediately,no PIN is requested.


I make the certificate with certreq, and the certutil -v -scinfo seems to give a single error:


Smart Card Log-on: Chain on smart card is invalid


-The certificates are in trusted locations

-The FVE registry DWord for Selfsigningcertificates has been added.

-Smartcard policy in gpedit is correct.


I would really like to know what the problem could be CLR? - I've tried to clean the cache, and specifically if it is correct that bitlocker should refuse a smartcard certificate, without the smartcard PIN being inputted.


A couple more days, and it's back to Veracrypt.


Thanks.

:)

 

"A valid smart card wasn't detected" when trying to unlock drive with BitLocker

Hello,

I have a YubiKey4 that I recently set up with a self-signed smart card certificate per this
guide. I encrypted two hard drives with it via BitLocker, one an external USB drive and one an internal fixed drive that isn't the Windows OS drive.

Everything was working fine for about 5 days - I could unlock the drives by inserting the YubiKey "smart card" and entering the PIN for it.

One day, I tried to unlock a drive and I received the error "A valid smart card wasn't detected". The light on the YubiKey would illuminate, but that was it. I unlocked the drives using the recovery key, added a password instead, and removed the smart card.
I could re-add the smart card without an error in the BitLocker settings for the drive; however, unlocking the drive with the smart card continued to not work.

I started over with the smart card by resetting the YubiKey PIV applet and re-creating another BitLocker smart card certificate per the guide I linked to above. I re-added the smart card in the BitLocker settings for the drive again, and the smart card works
to unlock the drive! ...until I reboot the computer. After a reboot, I receive the "A valid smart card wasn't detected" error again and I'm back to square one.

I've determined the YubiKey seems to be working fine, but for some reason after a system restart BitLocker doesn't like it anymore. The YubiKey PIV Manager application shows that all is well on the "smart card" end, with one certificate installed for BitLocker.
Yubico support had me remove their smart card minidriver and revert to the basic Windows smart card driver, but that doesn't seem to make a difference either (and I can't generate and install a certificate through Windows without the minidriver anyway). When
it works, it works with the Yubikey smart card minidriver too.

Any suggestions would be appreciated.

 

Windows Hello face recognition + Yubikey 5

Please add the possibility to use face recognition with a Yubikey 5 in true 2FA configuration

 

Can YubiKey PIV and FIDO U2F be used together?

I setup my YubiKey for PIV authentication to my computer, and FIDO U2F for web app authentication. My issue is, whenever something requests FIDO access from my YubiKey, it disconnects the smart card. This creates a problem, because I want my computer to lock when the smart card is disconnected from the computer.

So, I guess my question is, can these services co-exist, or does my method of keeping my roommate out of my computer have a few flaws in it?