This page is intended to evaluate the error messages returned by the libnitrokey commands used in the nitrocli commands. Commands that are checked in the list have been evaluated.

• status

• lock

• config

  • get
  • set

• storage

  • If no AES key is present, a distinct error code should be returned (issue).
  • It is questionable whether closing an already closed encrypted volume should go through just fine.
  • open
  • close
  • status

• otp

  • get
  • $ nitrocli otp get 12
    > Could not generate OTP: The given OTP slot is not programmed

  • $ nitrocli otp get 255
    > Could not generate OTP: The given slot is invalid

  • -a/--algorithm is under our control
  • no libnitrokey errors triggerable through -a totp -t
  • set
  • status
  • clear

• pin

  • clear
  • set
  • unblock

• pws

  • If the AES key cannot be decrypted, the device should return an AES decryption error instead of an unkown error (Storage only, issue).
  • If no AES key is present, a distinct error code should be returned (Pro issue, Storage issue).
  • When accessing a slot that is not programmed, an appropriate error code should be returned instead of an empty string (Pro issue, Storage issue).
  • When a string is too long the error message does not indicate which string that is

    $ nitrocli -m pro pws set 1 pws-test-new login-test pass0rd
    > Could not write PWS slot: The supplied string is too long

  • get
  • set
  • status
  • clear

Other:

• Fail firmware export if unencrypted volume is not writable (issue).
• Return appropriate error if the slot number is invalid when creating a hidden volume (issue).