Can't use command set-retries

[xu-minghao317]

• YubiKey Manager (ykman) version: 5.2.1
• How was it installed?: brew
• Operating system and version: macOS 14.2.1
• YubiKey model and version: YubiKey 5 NFC
• Bug description summary:
  Cannot use set-retries

Steps to reproduce

ykman openpgp info shows:

OpenPGP version:            3.4
Application version:        5.4.3
PIN tries remaining:        3
Reset code tries remaining: 0
Admin PIN tries remaining:  2
Require PIN for signature:  Once
...

and I want to set-retries to set all PIN-RETRIES RESET-CODE-RETRIES ADMIN-PIN-RETRIES to 3, so:
ykman openpgp access set-retries 3 3 3

but got:

Enter Admin PIN:
Set PIN retry counters to: 3 3 3? [y/N]: y
ERROR: An unexpected error has occuredTraceback (most recent call last):
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/ykman/_cli/__main__.py", line 377, in main
    cli(obj={})
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/ykman/_cli/openpgp.py", line 163, in set_pin_retries
    session.verify_admin(admin_pin)
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/yubikit/openpgp.py", line 1208, in verify_admin
    self._verify(PW.ADMIN, admin_pin)
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/yubikit/openpgp.py", line 1184, in _verify
    raise e
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/yubikit/openpgp.py", line 1179, in _verify
    self.protocol.send_apdu(0, INS.VERIFY, 0, pw + mode, pin_enc)
  File "/opt/homebrew/Cellar/ykman/5.2.1_1/libexec/lib/python3.12/site-packages/yubikit/core/smartcard.py", line 229, in send_apdu
    raise ApduError(response, sw)
yubikit.core.smartcard.ApduError: APDU error: SW=0x6a80

Expected result

set-retries set all to 3

[dainnilsson]

The error you are getting (and this needs to be fixed, because it's not very helpful) indicates that it is failing to validate the Admin PIN. Specifically, the error should only occur when an invalid length is used for the PIN, not when the incorrect PIN is used. The Admin PIN has a minimum length of 8 characters, is it possible that you are entering a value that is shorter than that?

[xu-minghao317]

Thank you, it should be 8 characters. I guess I need to write it down in a paper :)