-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yubico-piv-tool should clarify circumstances of "Failed signing certificate" #185
Comments
Start by adding a Also, how was the key generated? |
Thanks for the quick response. And for the record, I generated the key via
The
It appears that that cryptic code may mean "User did not touch the yubikey within 15 seconds" There is no message asking the user to touch the yubikey, and the documentation doesn't mention it. But now I see that it does flash for 15 seconds, so count me as being a bit oblivious. And it does make sense that the user should confirm the action via a touch. So I think that the code should be changed to distinguish the two cases I pointed out in the code, and for this particular situation, to clarify that the yubikey was not touched. Also, the UI and documentation should both be changed to clarify all the necessary steps, including touching the yubikey. |
Glad you got it to work. I see your point, unfortunately it's not easy to know when the YubiKey is waiting for a touch from the application point of view (at least as far as PIV goes). Thanks. |
yubico-piv-tool 2.0.0 is out and contains major upgrade to ykcs11, and to a lesser degree libykpiv, which is used by yubico-piv-tool. Please try that version. Information on whether touch will be required is only sometimes available with current YubiKey firmware. I'm closing this issue for now. |
Running this command:
can generate this error:
First, that is a very uninformative error. No other output is seen other than
Successfully verified PIN.
Second, that string shows up in two places in the code:
yubico-piv-tool/tool/yubico-piv-tool.c
Lines 1006 to 1024 in bc72c73
The code should print distinct messages, with relevant details, for these two situations.
Finally, how do I figure out what went wrong? What information would be useful to you to help debug this?
The text was updated successfully, but these errors were encountered: