AFAIK nitropy offers no way of specifying a single/specific FIDO2 device.
(Which btw would be really cool and helpful besides this specific issue.)
If more then one FIDO2 is attached to the system, then nitropy seams to try to operate on any FIDO2 devices, but maybe not particularly on the Nitrokey 3, but regardless what FIDO2 got inserted first or later, nitropy fails.
What I find curious however is that at least nitropy fido2 list-credentials also works with my Onlykey, if it is the only FIDO2 present to the system.
$ fido2-token -L
/dev/hidraw6: vendor=0x1d50, product=0x60fc (CRYPTOTRUST ONLYKEY)
$ nitropy fido2 list-credentials
Command line tool to interact with Nitrokey devices 0.4.43
Please provide pin:
There are no registered credentials
There is an estimated amount of 12 credential slots left
Compared with the Nitrokey 3:
fido2-token -L
/dev/hidraw5: vendor=0x20a0, product=0x42b2 (Nitrokey Nitrokey 3)
$ nitropy fido2 list-credentials
Command line tool to interact with Nitrokey devices 0.4.43
Please provide pin:
There are 1 registered credentials
-----------------------------------
ssh::
- id: a30058609f7503053819ac1fbe20ebc664dbe5725d2590ac5ffef4727f6acb6e58b4e2c11c833951843d3bf308b4818c418768c81cba1beea3ef92bc51747403cbf956d0bffbdd06af5f6c70ef18f009cb55c29d9028e89276602e9ba06d6066b025684a014c6fe493b6b4985ed0bdc7cdf10250e5858f9bd9fb9292834da468f2e341cb
user: openssh
-----------------------------------
There is an estimated amount of 9 credential slots left
BTW: Can someone point me to / explain to me what kind of id this is and how to interpret it? And how the output of fido2-token -L -r is related to it?
$ fido2-token -L -r /dev/hidraw5
Enter PIN for /dev/hidraw5:
00: 4wYQ6KFiEVlg/h7CI+ZSnJ9LboAgDcteXDIcivHisb8= ssh:
A sample debug log when multiple FIDO2 are attached, and I try to use nitropy fido2 list-credentials:
153 INFO pynitrokey.cli Timestamp: 2023-12-17 21:37:50.433177
153 INFO pynitrokey.cli OS: uname_result(system='Linux', node='XXX', release='6.6.4-arch1-1', version='#1 SMP PREEMPT_DYNAMIC Mon, 04 Dec 2023 00:29:19 +0000', machine='x86_64')
153 INFO pynitrokey.cli Python version: 3.11.6
153 INFO pynitrokey.cli Cli arguments: ['fido2', 'list-credentials']
154 INFO pynitrokey.cli pynitrokey version: 0.4.43
154 INFO pynitrokey.cli cryptography version: 41.0.5
155 INFO pynitrokey.cli ecdsa version: 0.18.0
155 INFO pynitrokey.cli fido2 version: 1.1.2
155 INFO pynitrokey.cli pyusb version: 1.2.1
155 INFO pynitrokey.cli spsdk version: 1.11.0
3386 DEBUG fido2.hid.linux Failed opening device /dev/hidraw0
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw0'
3386 DEBUG fido2.hid.linux Failed opening device /dev/hidraw1
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw1'
3387 DEBUG fido2.hid.linux Failed opening device /dev/hidraw2
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw2'
3387 DEBUG fido2.hid.linux Failed opening device /dev/hidraw3
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw3'
3387 DEBUG fido2.hid.linux Failed opening device /dev/hidraw4
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 98, in list_descriptors
devices.append(get_descriptor(hidraw))
^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/fido2/hid/linux.py", line 55, in get_descriptor
with open(path, "rb") as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/dev/hidraw4'
3677 WARNING pynitrokey.cli An unhandled exception occurred
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/cli/__init__.py", line 130, in main
nitropy()
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/cli/fido2.py", line 218, in list_credentials
cred_manager = nk_client.cred_mgmt(serial, pin)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/client.py", line 363, in cred_mgmt
device = nkfido2.find(serial)
^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/__init__.py", line 54, in find
p.find_device(dev=raw_device, solo_serial=solo_serial, pin=pin)
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/client.py", line 114, in find_device
raise pynitrokey.exceptions.NonUniqueDeviceError
pynitrokey.exceptions.NonUniqueDeviceError
3679 DEBUG root print: Critical error:
3679 DEBUG root print: An unhandled exception occurred
3679 ERROR root
Traceback (most recent call last):
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/cli/__init__.py", line 130, in main
nitropy()
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1130, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1055, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1657, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/click/core.py", line 760, in invoke
return __callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/cli/fido2.py", line 218, in list_credentials
cred_manager = nk_client.cred_mgmt(serial, pin)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/client.py", line 363, in cred_mgmt
device = nkfido2.find(serial)
^^^^^^^^^^^^^^^^^^^^
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/__init__.py", line 54, in find
p.find_device(dev=raw_device, solo_serial=solo_serial, pin=pin)
File "/home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/pynitrokey/fido2/client.py", line 114, in find_device
raise pynitrokey.exceptions.NonUniqueDeviceError
pynitrokey.exceptions.NonUniqueDeviceError
3680 DEBUG root listing all connected devices:
3777 DEBUG root :: 'Nitrokey FIDO2' keys
3777 DEBUG root :: 'Nitrokey Start' keys:
3808 DEBUG root :: 'Nitrokey 3' keys
4039 INFO libusbsio Loading SIO library: /home/bernd/.local/pipx/venvs/pynitrokey/lib/python3.11/site-packages/libusbsio/bin/linux_x86_64/libusbsio.so
4046 INFO libusbsio HID enumeration[94239770524752]: initialized
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #0: ITE Device
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #1: USB Keyboard
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #2: USB Keyboard
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #3: MX518 Gaming Mouse
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #4: MX518 Gaming Mouse
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #5: ONLYKEY
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #6: ONLYKEY
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #7: ONLYKEY
4046 DEBUG libusbsio HID enumeration[94239770524752]: device #8: Nitrokey 3
4046 INFO libusbsio HID enumeration[94239770524752]: finished, total 9 devices
4141 DEBUG root /dev/hidraw8: Nitrokey 3 XXXXX
4141 DEBUG root print: --------------------------------------------------------------------------------
4141 DEBUG root print: Critical error occurred, exiting now
4141 DEBUG root print: Unexpected? Is this a bug? Would you like to get support/help?
4141 DEBUG root print: - You can report issues at: https://support.nitrokey.com/
4141 DEBUG root print: - Writing an e-mail to support@nitrokey.com is also possible
4141 DEBUG root print: - Please attach the log: '/tmp/nitropy.log.ksheuj13' with any support/help request!
4141 DEBUG root print: - Please check if you have udev rules installed: https://docs.nitrokey.com/nitrokey3/linux/firmware-update.html#troubleshooting