openssh-portable
sk-usbhid: improved PIN error handling
~~NOTE: This PR is a continuation of #310; marked as draft until #310 is merged/closed.~~
For `verify-required` and `resident` options, `ssh-keygen` always prompts for a PIN. If the authenticator does not have a PIN set, the user is presented with an "invalid format" error message.
Instead of preemptively asking for a PIN, determine whether it's required by examining the authenticator's return value. If a PIN is required but not set, optionally set a new PIN. Otherwise, print a more informative error message to the user.
Rebased since #310 and parts of #302 were merged. The latter dropped preemptive prompts for the authenticator PIN which means this PR now primarily aims to help the user enroll a PIN when creating resident or verify-required credentials.
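
The flow the description outlines (attempt the operation first, prompt only when the authenticator's status asks for a PIN, offer to set one when none exists), as an added example that is not code from this PR or from OpenSSH. The mock authenticator, `enroll`, `need_pin` and the outcome names are hypothetical; only the CTAP2 status values come from the specification.

```c
#include <stdio.h>
#include <string.h>

/* CTAP2 status values, from the CTAP2 specification. */
enum { CTAP_OK = 0x00, CTAP_PIN_INVALID = 0x31,
       CTAP_PIN_NOT_SET = 0x35, CTAP_PIN_REQUIRED = 0x36 };

/* Hypothetical outcome names for this example. */
enum outcome { ENROLLED, ENROLLED_AFTER_SET_PIN, ERR_WRONG_PIN,
               ERR_NO_PIN_SET, ERR_OTHER };

/* Constructed mock authenticator: pin == NULL means no PIN is set. */
struct mock_dev { const char *pin; };

/* Mock credential creation; need_pin models verify-required/resident. */
static int mock_make_cred(const struct mock_dev *d, int need_pin, const char *pin)
{
    if (!need_pin) return CTAP_OK;
    if (d->pin == NULL) return CTAP_PIN_NOT_SET;
    if (pin == NULL) return CTAP_PIN_REQUIRED;
    return strcmp(pin, d->pin) == 0 ? CTAP_OK : CTAP_PIN_INVALID;
}

/* typed_pin: what the user enters if prompted; new_pin: PIN to set, or
 * NULL if the user declines to set one. */
enum outcome enroll(struct mock_dev *d, int need_pin,
                    const char *typed_pin, const char *new_pin)
{
    int r = mock_make_cred(d, need_pin, NULL);  /* first try: no prompt */
    if (r == CTAP_PIN_REQUIRED) {               /* prompt only now */
        r = mock_make_cred(d, need_pin, typed_pin);
        if (r == CTAP_OK) return ENROLLED;
        return r == CTAP_PIN_INVALID ? ERR_WRONG_PIN : ERR_OTHER;
    }
    if (r == CTAP_PIN_NOT_SET) {
        if (new_pin == NULL) return ERR_NO_PIN_SET; /* clear error */
        d->pin = new_pin;                           /* mock "set PIN" */
        r = mock_make_cred(d, need_pin, new_pin);
        return r == CTAP_OK ? ENROLLED_AFTER_SET_PIN : ERR_OTHER;
    }
    return r == CTAP_OK ? ENROLLED : ERR_OTHER;
}

int main(void)
{
    struct mock_dev fresh = { NULL };
    printf("declined: %d\n", enroll(&fresh, 1, NULL, NULL));
    printf("set pin:  %d\n", enroll(&fresh, 1, NULL, "constructed-pin"));
    return 0;
}
```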