From 8bea5697d4462f325e2b15274e1c9dc97f1351b7 Mon Sep 17 00:00:00 2001 From: nestire Date: Tue, 21 May 2024 13:24:36 +0200 Subject: [PATCH 1/2] bump hotp version to 1.6 Signed-off-by: nestire --- modules/hotp-verification | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/hotp-verification b/modules/hotp-verification index 6085a7680..14957e74b 100644 --- a/modules/hotp-verification +++ b/modules/hotp-verification @@ -2,12 +2,12 @@ modules-$(CONFIG_HOTPKEY) += hotp-verification hotp-verification_depends := libusb $(musl_dep) -# v1.5 -hotp-verification_version := 70c04f51387eee8f777e943ba83b6405764a3cd2 +# v1.6 +hotp-verification_version := e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 hotp-verification_dir := hotp-verification-$(hotp-verification_version) hotp-verification_tar := nitrokey-hotp-verification-$(hotp-verification_version).tar.gz hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(hotp-verification_version).tar.gz -hotp-verification_hash := 5244b6b514117f955a03be2363fd51567a125cb8dc904d1bd89351be27eb8bb3 +hotp-verification_hash := 480c978d3585eee73b9aa5186b471d4caeeeeba411217e1544eef7cfd90312ac hotp-verification_target := \ $(MAKE_JOBS) \ From ea05b1ed4528f754abe14fcf11118426909ae82f Mon Sep 17 00:00:00 2001 From: nestire Date: Tue, 21 May 2024 13:34:00 +0200 Subject: [PATCH 2/2] extent hotp error message for nitrokeys Signed-off-by: nestire --- initrd/bin/seal-hotpkey | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey index a0cb1ddad..c6d68efb1 100755 --- a/initrd/bin/seal-hotpkey +++ b/initrd/bin/seal-hotpkey @@ -138,12 +138,16 @@ if [ "$admin_pin_status" -ne 0 ]; then if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" ; then # don't leak key on failure shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null - fatal_error "Setting HOTP secret failed" + if [ "$HOTPKEY_BRANDING" == "Nitrokey" ]; then + fatal_error "Setting HOTP secret failed, to reset nitrokey pin use: nitropy nk3 secrets reset or the Nitrokey App 2" + else + fatal_error "Setting HOTP secret failed" + fi fi fi else # remind user to change admin password - echo -e "\nWARNING: default GPG admin PIN detected: please change this as soon as possible." + echo -e "\nWARNING: default admin PIN detected: please change this as soon as possible." fi # HOTP key no longer needed