Improve support for YK5

main.go

@@ -25,32 +25,43 @@ func setPassword(s *ykoath.Select) error {
 
 	bytePassword, err := term.ReadPassword(syscall.Stdin)
 	if err != nil {
-		slog.Error("failed reading password from input")
+		return fmt.Errorf("failed reading password from input: %w", err)
-
-		return err
 	}
 
-	// get password
+	password := string(bytePassword)
-	key := s.DeriveKey(string(bytePassword))
 
+	// get key
+	key := s.DeriveKey(password)
+
+	// verify password is correct with a validate call
 	ok, err := oath.Validate(s, key)
 	if err != nil {
-		return err
+		return fmt.Errorf("error in validate: %w", err)
 	}
 
 	if !ok {
 		return errFailedValidation
 	}
 
-	return keyring.Set(
+	err = keyring.Set(
 		serviceName,
 		s.DeviceID(),
-		string(key),
+		password,
 	)
+	if err != nil {
+		return fmt.Errorf("error saving password in keyring: %w", err)
+	}
+
+	return nil
 }
 
-func getPassword(s *ykoath.Select) (string, error) {
+func getPasskey(s *ykoath.Select) ([]byte, error) {
-	return keyring.Get(serviceName, s.DeviceID())
+	password, err := keyring.Get(serviceName, s.DeviceID())
+	if err != nil {
+		return nil, fmt.Errorf("error retrieving key from keyring: %w", err)
+	}
+
+	return s.DeriveKey(password), nil
 }
 
 func main() {
@@ -88,15 +99,17 @@ func main() {
 
 	// If required, authenticate with password from keychain
 	if s.Challenge != nil {
-		passKey, err := getPassword(s)
+		passKey, err := getPasskey(s)
 		slog.FatalOnErr(err, "failed retrieving password key")
 
-		ok, err := oath.Validate(s, []byte(passKey))
+		ok, err := oath.Validate(s, passKey)
 		slog.FatalOnErr(err, "validation failed")
 
 		if !ok {
 			slog.Fatal("failed validation, password is incorrect")
 		}
+	} else {
+		slog.Debug("no challenge required")
 	}
 
 	if flag.Arg(0) == "list" {

ykoath

@@ -1 +1 @@
-Subproject commit b083034539df4a37cb676af7afd7abd3d9f3ec4f
+Subproject commit fd081cb213d030585bfdd03305e03bff4d6e7a09