This repository has been archived by the owner on Apr 24, 2021. It is now read-only.

ykksm-import: unable to update an existing key entry (updated) #13

Open
jerichod505 opened this issue Jun 3, 2014 · 3 comments

Comments

@jerichod505

folks:
the ykksm-import command line command fails when trying to insert (e.g. update) an existing key. this is correct behavior for the SQL insert command, but leaves me unable to re-program an existing key's values - which i need to do occasionally.

I have modified my local copy of ykksm-import to add a -f flag to overwrite an existing key, leaving the default behavior unchanged.

here are my questions:
a) anybody else encounter this issue? am i missing some other way to update the KSM when you re-provision the same serial number key?

b) i am not much of a git expert, perl or mysql programmer, but am happy to post my modified version up here, if folks would find it useful. let me know if so, and where would be best to put it.

thanks...

@jerichod505 jerichod505 changed the title ykksm-import: unable to update an existing key entry ykksm-import: unable to update an existing key entry (updated) Jun 4, 2014
@jerichod505
Author

Update 6/3/14 -
i posted this note about modifying ykksm-import a bit too early. after testing it more i discovered that there is more to reprogramming a key that uses the same public id but different private identity and aes keys - the ykval/yubikeys table, which holds counters and the nonce, needs to have its row corresponding to the yubikey public id cleared as well.

i am stepping back from modifying ykksm-import, since it would now modify two tables. bad idea. instead i am thinking about a tool to 'cleanup' and reset the databases for a reprogrammed key of the same serial number. the current web admin system does not do this...

i would appreciate any thoughts from yubikey on this....
thanks.

@klali
Member

klali commented Jun 4, 2014

So.. From the way the projects are used at Yubico a public id may never be reused (as can be witnessed by the complete lack of support to reset/overwrite).
Generally it's recommended to go that path and use a new public id every time.

/klas

@jas4711
Contributor

jas4711 commented Jun 26, 2014

As you noticed it is a bad idea to do this, since ykval will be confused. We could consider supporting this with a -f flag or something, but I don't think it makes sense (people who need this can modify the database directly).
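
The following is an added example, not part of the thread and not code from ykksm or ykval: a simplified model of per-public-id counter tracking that shows why a key reprogrammed under an existing public id is rejected until the validation server's stored row is cleared. The class, field and function names and the sample public ids are assumptions made for illustration.

```python
# Simplified model (assumption) of the replay state a validation server keeps
# per public id. Names are illustrative and do not mirror the ykval schema.
from dataclasses import dataclass


@dataclass
class KeyState:
    session_counter: int = -1  # highest power-up counter accepted so far
    use_counter: int = -1      # highest in-session counter accepted so far


class Validator:
    def __init__(self):
        self.state = {}  # public id -> KeyState

    def validate(self, public_id, session_counter, use_counter):
        """Accept an OTP only if its counters are strictly newer than stored."""
        st = self.state.setdefault(public_id, KeyState())
        if (session_counter, use_counter) <= (st.session_counter, st.use_counter):
            return "REPLAYED_OTP"
        st.session_counter, st.use_counter = session_counter, use_counter
        return "OK"

    def reset(self, public_id):
        """Models clearing the stored row for one public id."""
        self.state.pop(public_id, None)


def demo():
    v = Validator()
    pid = "cccccccccccb"  # constructed public id
    results = []
    # Original key in normal use: counters only ever grow.
    results.append(v.validate(pid, 5, 0))
    results.append(v.validate(pid, 5, 1))
    results.append(v.validate(pid, 6, 0))
    # Same public id reprogrammed with new secrets: counters restart low,
    # so the stored state makes the first OTP look like a replay.
    results.append(v.validate(pid, 1, 0))
    # Only after the stored row is cleared does the reprogrammed key validate.
    v.reset(pid)
    results.append(v.validate(pid, 1, 0))
    # A fresh public id (the path recommended above) needs no reset at all.
    results.append(v.validate("cccccccccccd", 1, 0))
    return results


if __name__ == "__main__":
    print(demo())
```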
