-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ykman openpgp access change-admin-pin
accepts PIN that is too long
#556
Comments
Sorry for taking so long on this. I've tried to reproduce this, but haven't been able to. The documentation you've linked to is specifically for FIDO2 PIN's and does not apply to OpenPGP. For OpenPGP the max length of a PIN (on a YubiKey) is 127 characters. Attempting to set a PIN longer than 127 characters using ykman results in an error. Other than the error not being very clear (this will be fixed in the next version of ykman), it seems to be behaving as expected. |
Update: I did notice that GPG is refusing to accept any PIN longer than 99 characters, making a longer PIN practically unusable. This would be a limitation in GPG though, not in ykman or the YubiKey. |
The latest release of ykman (5.3.0) now produces a more descriptive error if you attempt to set a PIN that is too long (longer than 127 characters). |
YubiKey Manager (ykman) version: 5.0.1
Steps to reproduce
ykman openpgp access change-admin-pin
Expected result
In the steps above, I would have expected step 2 to fail and tell me that my PIN was not accepted because it is too long.
Actual results and logs
The truncated password was accepted, so what I thought was my PIN was not actually my PIN.
Other info
This documentation suggestions PINs cannot be longer than 63 characters: https://support.yubico.com/hc/en-us/articles/4402836718866-Understanding-YubiKey-PINs.
The text was updated successfully, but these errors were encountered: