-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIDO2 list-credentials fails #336
Comments
The error occurs inside
https://github.com/Yubico/python-fido2/blob/1.1.0/fido2/ctap2/credman.py#L159 The totalRPs field is missing from the enumerateRPsBegin response although it is required (§ 6.8.3 of the spec). Looking at the source code, it is omitted if zero: So my understanding is that there really are no credentials to be listed. Note that not all credentials are discoverable with this command. In fact, most credentials used for 2FA are not. Typically, you’ll only have discoverable credentials (“resident keys”) if you use pasword-less login, e. g. with Google or Microsoft. Are you sure this is the case for your device? |
Ah so there is a difference between those credentials. I do in fact have no passwordless logins configured. although there should still be a proper message to the user instead of a KeyError. |
To do:
|
1 similar comment
This comment was marked as duplicate.
This comment was marked as duplicate.
If we know that the credentials count is zero, we don’t have to enumerate RPs. This works around an issue with the Nitrokey FIDO2 not including the totalRPs field in the enumeration response if it is zero. Fixes: #336
If we know that the credentials count is zero, we don’t have to enumerate RPs. This works around an issue with the Nitrokey FIDO2 not including the totalRPs field in the enumeration response if it is zero. Fixes: #336
like the title says, running
nitropy fido2 list-crdentials
fails.I've installed the udev rules and can normally use the key, but managing the credentails is not working. The firmware of the FIDO2 key is the newest version.
I also tried to use chromium but it only offers me an empty list so it might also be a firmware bug.
Here is the log-file (host- and username as well as other usb-devices have been censored):
nitropy.log
The text was updated successfully, but these errors were encountered: