diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo
index ec984ff..eefa59d 100644
--- a/tool/cmdline.ggo
+++ b/tool/cmdline.ggo
@@ -27,7 +27,7 @@ option "verbose" v "Print more information" int optional default="0" argoptional
 option "reader" r "Only use a matching reader" string optional default="Yubikey"
-option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708"
+option "key" k "Authentication key to use" string optional default="010203040506070801020304050607080102030405060708" argoptional
 option "action" a "Action to take" values="version","generate","set-mgm-key",
 "reset","pin-retries","import-key","import-certificate","set-chuid",
 "request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index a86e88a..0ae43f9 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -1754,7 +1754,16 @@ int main(int argc, char *argv[]) {
 if(needs_auth) {
 unsigned char key[KEY_LEN];
 size_t key_len = sizeof(key);
- if(ykpiv_hex_decode(args_info.key_arg, strlen(args_info.key_arg), key, &key_len) != YKPIV_OK) {
+ char keybuf[KEY_LEN*2+1];
+ char *key_ptr = args_info.key_arg;
+ if(args_info.key_given && args_info.key_orig == NULL) {
+ if(!read_pw("management key", keybuf, sizeof(keybuf), false)) {
+ fprintf(stderr, "Failed to read management key from stdin,\n");
+ return EXIT_FAILURE;
+ }
+ key_ptr = keybuf;
+ }
+ if(ykpiv_hex_decode(key_ptr, strlen(key_ptr), key, &key_len) != YKPIV_OK) {
 fprintf(stderr, "Failed decoding key!\n");
 return EXIT_FAILURE;
 }
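Review bot: In tool/cmdline.ggo the help text for `key` still reads "Authentication key to use" and gives no hint that passing `-k` without a value now makes the tool prompt for the management key. I would change the description to something like `"Management key to use; if no value is given the key is read from a prompt"`. Please also confirm how an existing `-k <hex>` invocation (value separated by a space) is parsed after this change: getopt-style optional arguments normally have to be attached (`-k<hex>` or `--key=<hex>`), so the separated form may now be seen as `-k` with no value and prompt instead of using the supplied key. If that is the case it deserves a line in the man page or changelog, since scripts that pass the key this way would stop working non-interactively.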
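Review bot: In tool/yubico-piv-tool.c, the new `keybuf` in the `needs_auth` block holds the hex management key on main's stack and is never cleared, neither on the decode-failure return nor on the success path; as far as this hunk shows the same applies to the decoded `key`. I would wipe it as soon as `ykpiv_hex_decode` has returned, using a call the compiler cannot elide, e.g. `explicit_bzero(keybuf, sizeof(keybuf));` or the platform equivalent, because a plain `memset` shortly before `return` can be optimized away. `read_pw` is not visible here, so please confirm that a full-length hex key (`KEY_LEN*2` digits) plus its terminator fits in `KEY_LEN*2+1` bytes under its length handling, otherwise the last digit is silently dropped and decoding fails. Small nit: `"Failed to read management key from stdin,\n"` ends with a comma where the neighbouring errors end with `!`. main's body starts and ends outside the hunk.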