token2 / fido2-manage

This library is partially forked from libfido2 to provide a FIDO2.1 key management tool (with a GUI) under the Linux platform

Deleting resident credentials fails #13

Closed tamiko closed 4 hours ago

tamiko commented 5 hours ago

After creating a resident credential, for example with https://www.token2.com/tools/fido2-demo, I do see the resident key on the device:

% ./fido2-manage.sh -residentKeys -device 1
Enter PIN for /dev/hidraw1: 
00: ZfO2CpxLhho6OOuPOZT0HGrVPfsoOTxivph3XtrxA5w= www.token2.com

But I am unable to delete said credential again:

./fido2-manage.sh -delete -device 1 -credential ZfO2CpxLhho6OOuPOZT0HGrVPfsoOTxivph3XtrxA5w=
[Info] WARNING: Deleting a credential is irreversible. Are you sure you want to proceed? (Y/N)
Y
Enter PIN for /dev/hidraw1: 
fido2-token2: fido_credman_del_dev_rk: FIDO_ERR_MISSING_PARAMETER
[Info] Credential deleted successfully.
% ./fido2-manage.sh -residentKeys -device 1
Enter PIN for /dev/hidraw1: 
00: ZfO2CpxLhho6OOuPOZT0HGrVPfsoOTxivph3XtrxA5w= www.token2.com

This might actually also be a libfido2 / python-fido2 issue, because I am also unable to use Yubico's fido2-token to manage resident keys (on the Token2 security key or on a YubiKey, for that matter). But I figured I'd report it here because this is really annoying.

Also: credential management in chromium/chrome seems to be working: I can list resident credentials and delete them.

tamiko commented 4 hours ago

Ugh, I used the wrong base64 handle for the ID.