Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It's impossible to detect if keypair exists in PIV #557

Open
G1gg1L3s opened this issue Feb 15, 2024 · 1 comment · May be fixed by #558
Open

It's impossible to detect if keypair exists in PIV #557

G1gg1L3s opened this issue Feb 15, 2024 · 1 comment · May be fixed by #558

Comments

@G1gg1L3s
Copy link

Hello! I'm doing a small CLI utility that works with Yubikey. As part of its functionality I wanted to detect whether a keypair already existing in a certain slot before generating it, to prevent users from accidentally overwriting that keypair.

But to my surprise, the implementation of metadata command can only return Error::NotSupported and Error::GenericError:

yubikey.rs/src/piv.rs

Lines 931 to 937 in b07612e

if !response.is_success() {
if response.status_words() == StatusWords::NotSupportedError {
return Err(Error::NotSupported); // Requires firmware 5.2.3
} else {
return Err(Error::GenericError);
}
}

As a result, it is impossible to ditinguish between "not found" and other errors.

NIST defines a separate response code 6a 88 as "Referenced data or reference data not found" and this is exactly what Yubikey returned when I tried to execute this command on an empty slot.

I understand that returning another error type from the method may be considered as a breaking change, but it would be welcomed :)
@tony-iqlusion
Copy link
Member

A breaking change is fine. Please open a PR.

@G1gg1L3s G1gg1L3s linked a pull request Feb 17, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle reference data not found in metadata command G1gg1L3s/yubikey.rs
2 participants
@tony-iqlusion @G1gg1L3s