Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unpair a client when no available slots #19

Open
reynico opened this issue Aug 22, 2023 · 4 comments
Open

Unpair a client when no available slots #19

reynico opened this issue Aug 22, 2023 · 4 comments

Comments

@reynico
Copy link

reynico commented Aug 22, 2023
edited
Loading

I've been playing with keycard-cli, following this tutorial. Despite I've run the commands always with a keycard-unpair {{ session_pairing_index }} command, the AvailableSlots indicator was in decrease.

Right now the card has no available slots and I have no idea how can I really unpair the slots. As a last resort, I've tried to:

./keycard-cli shell <<END
  keycard-select
  keycard-set-secrets 123 1234 dnaxx
  keycard-open-secure-channel
  keycard-verify-pin {{ session_pin }}
  keycard-unpair {{ session_pairing_index }}
END

but the API returns

cannot open secure channel without setting pairing info
@bitgamma
Copy link
Collaborator

if you do not have any pairing slot available, you will need to reset the card. You can find an example script at https://github.com/status-im/keycard-cli/blob/develop/_shell-commands-examples/01-install.sh

You can download the latest applet at https://github.com/status-im/status-keycard/releases. Please adjust the path in the script accordingly. I would also skip the installation of the NDEF applet since it is not really needed (line 13-14 of the script I sent).

I have checked the keycard-unpair command and it seems to work. The problem is that keycard-cli interrupts script execution as it encounters the first error so probably what happened is that the corresponding line was never reached for other reasons.

@reynico
Copy link
Author

reynico commented Aug 23, 2023

Thank you! I haven't seen any error messages from keycard-cli during the execution, is there any way to debug that?

@reynico
Copy link
Author

reynico commented Aug 25, 2023

The problem is that keycard-cli interrupts script execution as it encounters the first error so probably what happened is that the corresponding line was never reached for other reasons.

I've been able to reproduce it. If the requested command fails, the interrupted execution doesn't free the used slot. Is there any way to change that behavior? It seems quite problematic if somehow you end up out of available slots.

@bitgamma
Copy link
Collaborator

a PR would be welcome, but as a workaround you can unpair immediately after PIN authentication instead of the end of the script. Unpairing does not close the active securechannel so you can continue using the card until a reset

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reynico @bitgamma