Nitrokey / pynitrokey

Python client for Nitrokey devices
Apache License 2.0

warn user before running nitropy fido2 update on nitrokey 3 devices? #536

Open pjhfggij opened 2 months ago

pjhfggij commented 2 months ago

I'm under the impression that nitropy fido2 update isn't supposed to be used to update Nitrokey series 3 keys and attempts to do so may lead to unexpected behaviors of the device. To be clear, running this hasn't damaged my device in any noticeable way, but wouldn't it be good if pynitrokey warned users before they do that (by detecting device type and warning against it) to avoid any potential confusion?

robin-nitrokey commented 2 months ago

Thanks for the report! Running nitropy fido2 update on a Nitrokey 3 should not do any damage, but indeed it would be better to fail early. There are some other fido2 subcommands that only work for the Nitrokey FIDO2 device and not for the Nitrokey 3, e.g. nitropy fido2 status. We plan to split the fido2 subcommand into one subcommand for general FIDO2 operations (i.e. working with the Nitrokey FIDO2 or Nitrokey 3), and one subcommand specifically for the Nitrokey FIDO2.

pjhfggij commented 2 months ago

Yeah, I think that the names can be a bit confusing right now; the nitropy fido2 status output as well only yielded:

Critical error:
An unhandled exception occurred
        Exception encountered: CtapError('CTAP error: 0x01 - INVALID_COMMAND')

instead of mentioning something along the lines of "device is not supported", which would be easier for the user to reason about. Splitting fido2 into subcommands sounds like a good idea.
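
The fail-early behaviour discussed in this thread, as an added sketch that is not pynitrokey's code: a model-specific subcommand is refused before anything is sent to the device, and a CTAP 0x01 (INVALID_COMMAND) reply is turned into a readable "not supported" error. `Model`, `SUPPORTED`, `UnsupportedDevice`, `run_subcommand` and the stand-in `CtapError` class are hypothetical names chosen for the example.

```python
from enum import Enum


class Model(Enum):
    NITROKEY_FIDO2 = "Nitrokey FIDO2"
    NITROKEY_3 = "Nitrokey 3"


# Assumption, following the thread: update and status are Nitrokey FIDO2 only.
# Subcommands not listed here are treated as general FIDO2 operations.
SUPPORTED = {
    "update": {Model.NITROKEY_FIDO2},
    "status": {Model.NITROKEY_FIDO2},
}

CTAP1_ERR_INVALID_COMMAND = 0x01  # code shown in the error output above


class CtapError(Exception):
    """Stand-in for the CTAP error type so the example runs offline."""

    def __init__(self, code):
        super().__init__(f"CTAP error: 0x{code:02X}")
        self.code = code


class UnsupportedDevice(Exception):
    """Raised with a message the user can act on."""


def run_subcommand(name, model, action):
    """Run action() only if the connected model supports subcommand `name`."""
    allowed = SUPPORTED.get(name)
    if allowed is not None and model not in allowed:
        # Fail early: nothing has been sent to the device yet.
        raise UnsupportedDevice(
            f"'fido2 {name}' is not supported on the {model.value}"
        )
    try:
        return action()
    except CtapError as e:
        if e.code == CTAP1_ERR_INVALID_COMMAND:
            # Fallback for commands the table does not know about.
            raise UnsupportedDevice(
                f"the device rejected 'fido2 {name}' as an invalid command; "
                "it may not be supported on this device"
            ) from e
        raise  # other CTAP errors are left untouched
```
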