polhenarejos/pico-fido

can not backup keys

jpph opened this issue · 2 comments

jpph commented

I try to backup the private key in my genuine raspberry pico microusb , and got this error :

C:\Users\xxxx\Downloads\pico-fido-main\tools>python pico-fido-tool.py -p 123456 backup save dummy
Pico Fido Tool v1.6
Author: Pol Henarejos
Report bugs to https://github.com/polhenarejos/pico-fido/issues


Traceback (most recent call last):
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 469, in <module>
    run()
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 466, in run
    main(args)
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 460, in main
    backup(vdr, args)
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 424, in backup
    vdr.backup_save(args.filename)
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 255, in backup_save
    ret = self._call(
          ^^^^^^^^^^^
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 244, in _call
    return self.ctap.vendor(cmd, sub_cmd, params, pin_uv_protocol, pin_uv_param)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 173, in vendor
    return self.send_vendor(
           ^^^^^^^^^^^^^^^^^
  File "C:\Users\xxxx\Downloads\pico-fido-main\tools\pico-fido-tool.py", line 136, in send_vendor
    raise CtapError(status)
fido2.ctap.CtapError: CTAP error: 0x33 - PIN_AUTH_INVALID

tryed with linux/ windows , same issue ...

polhenarejos commented

Backup command is not meant for backing up resident keys. This is not allowed by the FIDO Alliance.

What backup command does is a backup of the master key used to crypt the content of of your device. This master key prevents from unwanted access to your device if you loose or leave unattended.

Did you enable secure command? pico-fido-tool.py secure enable. Once enabled, you can then backup the master key. Note that if you enable security, your device will be tied to your computer and it will be necessary to call unlock when you plug in. It will not work in any other machine.

If you just need to backup the flash memory, you can do it with Raspberry tools.

  • 👍1
jpph commented

ok I understand. Thank you for the explanation
(yes, I didn't use the secure enable and unlock, but ayway it is not useful to me)

  • 👍1