Importing keys results in error SW=0x6700 #651

Open
Aetherinox opened this issue Jan 9, 2025 · 0 comments
  • YubiKey Manager (ykman) version: Yubikey Manager v1.2.6; CLI v5.5.1
  • How was it installed?: exe
  • Operating system and version: Win 11 Pro 10.0.22631 Build 22631
  • YubiKey model and version: Yubikey 5 - Firmware 5.4.3
  • Bug description summary:
    When attempting to import an ECC 384 key using either the command-line or Yubikey Manager, it results in the error yubikit.core.smartcard.ApduError: APDU error: SW=0x6700

Edit: To summarize: it appears that, like a muppet, I had Yubikey Manager and ykman CLI in my Windows paths, and since Yubikey Manager GUI comes with an old version of ykman, they were fighting. So when I got the long error, it was from 5.0.4 on the Yubikey Manager's version. Then when I killed the Windows path to Yubikey Manager and kept only ykman, I had the correct version of 5.5.x.

So it wasn't really an issue, just a moment of confusion. I guess the only thing I really need is to understand what the error means:

ERROR: APDU length exceeds YubiKey capability

Which I googled, and could not seem to get an explanation on.

Edit 2:

I read through the source code for that error, which led me to some defined values:

class _MaxApduSize(IntEnum):
    NEO = 1390
    YK4 = 2038
    YK4_3 = 3062

Then I found:

And according to those docs, ECC384 should use an md of 384 bits. But when I try that, same error. Also tried SHA256 for the digest, and yet again, same error.


Steps to reproduce

Generate ECC 384 via OpenSSL, then import into Yubikey Manager, or using the CLI with ykman piv certificates import


Expected result

Key should import


Actual results and logs

The following command runs fine:

ykman piv keys import

However, when I run

ykman piv certificates import -m "MANAGEMENT_KEY" -p "pass" 9A "Path/to/file.pfx"

I get the following error:

ERROR: An unexpected error has occured
Traceback (most recent call last):
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\ykman\_cli\__main__.py", line 364, in main
    cli(obj={})
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\click\decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\ykman\_cli\piv.py", line 804, in import_certificate
    session.put_certificate(slot, cert_to_import)
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\yubikit\piv.py", line 736, in put_certificate
    self.put_object(OBJECT_ID.from_slot(slot), data)
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\yubikit\piv.py", line 701, in put_object
    self.protocol.send_apdu(
  File "C:\Program Files\Yubico\YubiKey Manager\pymodules\yubikit\core\smartcard.py", line 206, in send_apdu
    raise ApduError(response, sw)
yubikit.core.smartcard.ApduError: APDU error: SW=0x6700

When I attempt to import using Yubikey Manager with elevated permissions, all I get is the red box with SW=0x6700


Other info

Ensured I updated all drivers, CLI, and Yubikey Manager
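
The situation described in the first edit above (two ykman installs on the Windows path, with the older copy bundled in YubiKey Manager being the one that runs) can be checked with a script like the following. This is an added example, not part of the original issue or of the ykman project; the function names are hypothetical, and it assumes each install answers `--version`.

```python
import os
import subprocess
from pathlib import Path


def find_on_path(name, path=None, pathext=None):
    """Return every file the shell could run as `name`, in PATH search order."""
    path = os.environ.get("PATH", "") if path is None else path
    if pathext is None:
        # Windows resolves a bare "ykman" through PATHEXT (.EXE, .CMD, ...).
        pathext = os.environ.get("PATHEXT", "") if os.name == "nt" else ""
    exts = [e for e in pathext.split(os.pathsep) if e] or [""]
    hits, seen = [], set()
    for directory in path.split(os.pathsep):
        if not directory:
            continue
        for ext in exts:
            cand = Path(directory) / (name + ext)
            key = os.path.normcase(os.path.abspath(cand))
            # Skip duplicates caused by the same directory listed twice.
            if key in seen or not cand.is_file() or not os.access(cand, os.X_OK):
                continue
            seen.add(key)
            hits.append(cand)
    return hits


def version_of(exe, timeout=10):
    """Run `<exe> --version` and return its first non-empty output stream."""
    try:
        out = subprocess.run([str(exe), "--version"], capture_output=True,
                             text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return f"<failed to run: {exc}>"
    return (out.stdout or out.stderr).strip()


def audit(name="ykman", path=None, pathext=None):
    """Split the matches into the one that wins and the ones it shadows."""
    hits = find_on_path(name, path, pathext)
    return {"active": hits[0] if hits else None, "shadowed": hits[1:]}


if __name__ == "__main__":
    result = audit()
    if result["active"]:
        print(f"ACTIVE   {result['active']} -> {version_of(result['active'])}")
    for exe in result["shadowed"]:
        print(f"shadowed {exe} -> {version_of(exe)}")
    if result["shadowed"]:
        print("More than one ykman on PATH; only the ACTIVE one is run.")
```

The install directory in the traceback paths shows which copy raised the error, so comparing it with the ACTIVE entry confirms whether the intended CLI ran.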
