YH_MSG_BUF_SIZE too small to import a wrapped RSA:4096 key #61
Comments
Hi, judging by the size of your file (5016 bytes), I'm guessing that what happened is that you've run the command a few times and ended up with two keys in the same file. As for the size of the buffer, as you've guessed it's not just an arbitrary limit in the code, the device itself can't read messages longer than 2kB.
Wow, that was it. Not gonna lie, that's incredibly frustrating: I have spent hours on this today reading and tracing yubihsm-shell and even working through the USB packets to understand a series of apparent bugs that can all be put down to this. Is there a reason why it appends instead of either overwriting or failing (like most other Unix tools, I'd wager)? If I worked up a patch to make it overwrite or fail (or prompt, if I can work that out), would you be interested? Either way, thanks.
Sorry to hear that you've wasted time on this. Truncating would be even more surprising in that regard, as you may have valuable data in that file. I think that leaves failing as the only sane alternative. (I'll close the issue since it's resolved, but feel free to comment more).
It could perhaps be less surprising if it only appends on output formats that can handle it, like PEM. For everything else maybe just abort with an error. It makes it clear what's happening.
I have created #63 to track this problem.
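The "fail instead of append or truncate" behaviour discussed in the comments above, as an added example that is not yubihsm-shell code or the change tracked in #63. The function names, the file name and the sample bytes are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write len bytes to a NEW file at path. Returns 0 on success, -1 on error
 * with errno set. If path already exists the call fails with EEXIST and the
 * existing file is left untouched: nothing is appended, nothing truncated. */
int write_new_file(const char *path, const void *buf, size_t len) {
  /* O_EXCL makes "create only if absent" atomic; 0600 keeps the exported
   * blob readable by its owner only. */
  int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd < 0) return -1;

  const unsigned char *p = buf;
  while (len > 0) {
    ssize_t n = write(fd, p, len);
    if (n < 0) {
      if (errno == EINTR) continue;
      int saved = errno;
      close(fd);
      unlink(path); /* do not leave a partial export behind */
      errno = saved;
      return -1;
    }
    p += n;
    len -= (size_t)n;
  }
  return close(fd) != 0 ? -1 : 0;
}

/* Size of the file in bytes, or -1 on error. */
long file_size(const char *path) {
  struct stat st;
  return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

int main(void) {
  const char *path = "wrapped_key.example";       /* constructed name */
  const char blob[] = "constructed-sample-bytes"; /* stands in for a key */
  int first = write_new_file(path, blob, sizeof blob - 1);
  if (write_new_file(path, blob, sizeof blob - 1) != 0)
    perror(path); /* second export is refused */
  printf("%s: %ld bytes\n", path, file_size(path));
  if (first == 0) unlink(path); /* remove only what this run created */
  return 0;
}
```

With this behaviour, running an export twice leaves one key in the file and a visible error, rather than a file holding two concatenated keys.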
I've created an RSA:4096 key and exported it as follows:
With #60 in place to allow this file to be loaded, I attempt to import:
Tracing the code, we see we land in this error condition in yh_util_import_wrapped:
Here in_len is 3761 bytes, but YH_MSG_BUF_SIZE is 2048.
Reading further, it looks like YH_MSG_BUF_SIZE is deeply wired into USB message sizes, so naively increasing it is probably not going to work. Is that right?
Any ideas for how to import this key?