I’ve received my Nitrokey 3A Mini in the mail today and started to test it with “nitropy” (0.4.26) using the command “nitropy nk3 test”, which failed with the following output:
Command line tool to interact with Nitrokey devices 0.4.26
Found 1 Nitrokey 3 device(s):
- Nitrokey 3 at /dev/hidraw0
Running tests for Nitrokey 3 at /dev/hidraw0
[1/3] UUID query SUCCESS E18721AB5FBC1C630000000000000000
[2/3] Firmware version query SUCCESS v1.1.0
Please press the touch button on the device ...
[3/3] FIDO2 FAILURE Unexpected FIDO2 cert hash for version v1.1.0: 4c331d7af869fd1d8217198b917a33d1fa503e9778da7638504a64a438661ae0
3 tests, 2 successful, 0 skipped, 1 failed
Summary: 1 device(s) tested, 0 successful, 1 failed
Critical error:
Test failed for 1 device(s)
FIDO2 generally seems to be working but I’m a bit worried what’s wrong there.
yes, you are too fast pynitrokey needs a new release with the needed changes, it will be released today! So version 0.4.27 should not throw this error anymore.
edit: as an explanation what happens here: the nRF52 models are delivered with another set of fido2 certificates, this is exactly what you see there. This PR introduced the new hash, which is btw. the one you posted. So it’s all fine for your device.
I came around testing the v0.4.27 release of pynitrokey today and “nitropy nk3 test” is still throwing an error for me:
Command line tool to interact with Nitrokey devices 0.4.27
Found 1 Nitrokey 3 device(s):
- Nitrokey 3 at /dev/hidraw0
Running tests for Nitrokey 3 at /dev/hidraw0
[1/3] UUID query SUCCESS E18721AB5FBC1C630000000000000000
[2/3] Firmware version query SUCCESS v1.1.0
Please press the touch button on the device ...
[3/3] FIDO2 FAILURE 'x5c'
3 tests, 2 successful, 0 skipped, 1 failed
Summary: 1 device(s) tested, 0 successful, 1 failed
Critical error:
Test failed for 1 device(s)
where the relevant part of the log says:
3772 ERROR pynitrokey.cli.nk3.test An exception occured during the execution of the test FIDO2:
Traceback (most recent call last):
File "/home/dmrauh/.local/lib/python3.10/site-packages/pynitrokey/cli/nk3/test.py", line 225, in run_tests
result = test_case.fn(ctx, device)
File "/home/dmrauh/.local/lib/python3.10/site-packages/pynitrokey/cli/nk3/test.py", line 173, in test_fido2
cert = make_credential_result.attestation_object.att_stmt["x5c"]
KeyError: 'x5c'