search

trustcrypto / python-onlykey

The OnlyKey Python Command-Line Utility is a command line tool targeted towards more advanced users. This can be used for configuration and testing.
https://docs.crp.to/command-line.html
48 stars 22 forks source link

CTAP error: 0x35 - PIN_NOT_SET #68

Closed TheOnAndOnlyZenomat closed 2 years ago

TheOnAndOnlyZenomat commented 2 years ago

If I try to list my residential keys using onlykey-cli credential info and then type my OnlyKey pin, I receive the error

» onlykey-cli credential info                                                      zeno@NathanArch | 13:54:36
PIN: 
Traceback (most recent call last):
  File "/home/zeno/.local/bin/onlykey-cli", line 8, in <module>
    sys.exit(main())
  File "/home/zeno/.local/lib/python3.10/site-packages/onlykey/cli.py", line 1196, in main
    cli()
  File "/home/zeno/.local/lib/python3.10/site-packages/onlykey/cli.py", line 520, in cli
    solo.cli.key()
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/zeno/.local/lib/python3.10/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/home/zeno/.local/lib/python3.10/site-packages/solo/cli/key.py", line 533, in cred_info
    cm = client.cred_mgmt(pin)
  File "/home/zeno/.local/lib/python3.10/site-packages/solo/devices/base.py", line 116, in cred_mgmt
    token = client.client_pin.get_pin_token(pin)
  File "/home/zeno/.local/lib/python3.10/site-packages/fido2/ctap2/pin.py", line 260, in get_pin_token
    resp = self.ctap.client_pin(
  File "/home/zeno/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 728, in client_pin
    return self.send_cbor(
  File "/home/zeno/.local/lib/python3.10/site-packages/fido2/ctap2/base.py", line 675, in send_cbor
    raise CtapError(status)
fido2.ctap.CtapError: CTAP error: 0x35 - PIN_NOT_SET

This happens with all credential-commands on the command line. If I try to use it in the REPL, nothing happens and it returns to the prompt. Other commands, like getkeylabels, work.

onlykey commented 2 years ago

CTAP error: 0x35 - PIN_NOT_SET

This means you have no PIN set, also without a PIN you have no stored FIDO2 credentials

TheOnAndOnlyZenomat commented 2 years ago

With pin we are talking about the pin I use to unlock my key, right? Because I have set a pin

onlykey commented 2 years ago

For FIDO2 passwordless login you would be prompted in your browser to type a PIN on your keyboard. This is different than your OnlyKey device PIN. The first time you use your device on a site that supports this the browser will prompt you to set a FIDO2 PIN.

TheOnAndOnlyZenomat commented 2 years ago

Ah ok, then I missunderstood what the credential command is for, thank you