Skip to content

Commit

Permalink
PIV: Prevent --protect when in a FIPS unapproved state
Browse files Browse the repository at this point in the history
  • Loading branch information
@dainnilsson
dainnilsson committed Jul 10, 2024
1 parent 7f2f55b commit 40d9e25
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions ykman/_cli/piv.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -505,6 +505,11 @@ def change_management_key(
"""
session = ctx.obj["session"]

if ctx.obj["fips_unready"] and protect:
raise CliFail(
"YubiKey FIPS must be in FIPS approved mode prior to using --protect."
)

if not algorithm:
try:
algorithm = session.get_management_key_metadata().key_type
Expand Down

0 comments on commit 40d9e25

Please sign in to comment.