-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify/document hotp-verification output for 6 Admin/User PINS and firmware version #36
Comments
@jans23 @nestire @daringer : seal-hotpkey get the output of gpg which in this case is a bit irrelevant since NK3 implement HOTP secret independently of GPG. The "age" being <1 month old is still valid for public key age, where card counters don't apply for NK3 HOTP secret validation. So technically, logic applied under seal-hotp-key to check HOTP counter (not Admin PIN related) is invalid as of today. |
It looks like the output of As Going this way the entire |
@daringer : could hotp-verification
|
will check
I suppose you mean it should report remaining tries, if so: will check
Don't understand this, can you elaborate what you mean here? Also please keep in mind we are talking about Generally, an example of the expected output of |
The first and second points should not be too complicated, @tlaurion could you please tell (note down an example) how you would like the |
Sorry I haven't looked into this. As of now the output doesn't make any sense providing info that are not even in releases notes so cannot even be crosslinked. I already referred to what code of heads do and where things could be adapted depending of what hotp-verification could provide. For the rest this is nitrokey problem, not mine I'm sorry. I would hope this is actioned upon without needing me to produce any ouput whatsoever: nitrokey changes should not break compatibility, or hotp-verification should be adapted to follow nitrokey changes. I make a statement here. I was told to stop working for free. That's what I'm doing. |
@daringer : maybe we have to flip this around and see what Heads official docs currently says at https://github.com/linuxboot/heads-wiki/blob/master/Installing-and-Configuring/configuring-keys.md rendered at https://osresearch.net/Configuring-Keys/#oem-factory-resetre-ownership Thinking points:
On hotp-verification output:
Let's start from there @daringer ? |
Wrongly reported under linuxboot/heads#1726
My answer at linuxboot/heads#1726 (comment)
@nestire answer (incomplete) at linuxboot/heads#1726 (comment)
--
End user asked clarifications under Dasharo Premier support at (answered by me): https://matrix.to/#/!RNcjJXCGHiyxXCHpKv:matrix.org/$A9IbvnjLuw1EaXAynHtvlrnewrkPqYpMA2kae5t1ONM?via=matrix.org&via=nitro.chat&via=matrix.3mdeb.com
The text was updated successfully, but these errors were encountered: