libnitrokey error handling

Daniel Müller edited this page Jan 20, 2019 · 12 revisions

This page is intended to evaluate the error messages returned by the libnitrokey commands used in the nitrocli commands. Commands that are checked in the list have been evaluated.

  • status

  • lock

  • config

    • get
    • set
  • storage

    • If no AES key is present, a distinct error code should be returned (issue).
    • It is questionable whether closing an already closed encrypted volume should go through just fine.
    • open
    • close
    • status
  • otp

    • get
    • $ nitrocli otp get 12
      > Could not generate OTP: The given OTP slot is not programmed
    • $ nitrocli otp get 255
      > Could not generate OTP: The given slot is invalid
    • -a/--algorithm is under our control
    • no libnitrokey errors triggerable through -a totp -t
    • set
    • status
    • clear
  • pin

    • clear
    • set
    • unblock
  • pws

    • If the AES key cannot be decrypted, the device should return an AES decryption error instead of an unknown error (Storage only, issue).
    • If no AES key is present, a distinct error code should be returned (Pro issue, Storage issue).
    • When accessing a slot that is not programmed, an appropriate error code should be returned instead of an empty string (Pro issue, Storage issue).
    • When a string is too long, the error message does not indicate which string that is:
      $ nitrocli -m pro pws set 1 pws-test-new login-test pass0rd
      > Could not write PWS slot: The supplied string is too long
    • get
    • set
    • status
    • clear

Other:

  • Fail firmware export if unencrypted volume is not writable (issue).
  • Return appropriate error if the slot number is invalid when creating a hidden volume (issue).