Fixes

ykman/_cli/__main__.py

@@ -446,7 +446,7 @@ def params_f(_):
 
             elif scp11_creds:
                 # SCP11 a/c
-                if scp_kid not in (ScpKid.SCP11a, ScpKid.SCP11c, None):
+                if scp_kid and scp_kid not in (ScpKid.SCP11a, ScpKid.SCP11c):
                     raise CliFail("--scp with file(s) can only be used with SCP11 a/c")
 
                 first = scp11_creds.pop(0)

ykman/_cli/securedomain.py

@@ -88,7 +88,7 @@ def securedomain(ctx):
     ctx.obj["authenticated"] = (
         isinstance(scp_params, Scp03KeyParams)
         or isinstance(scp_params, Scp11KeyParams)
-        and scp_params.ref.kid in (ScpKid.SCP11a, ScpKid.SCP11c)
+        and scp_params.ref.kid == ScpKid.SCP11a
     )
 
     ctx.obj["session"] = session

yubikit/core/smartcard/__init__.py

@@ -42,6 +42,7 @@
     Scp11KeyParams,
     INS_EXTERNAL_AUTHENTICATE,
 )
+from yubikit.logging import LOG_LEVEL
 from enum import Enum, IntEnum, unique
 from time import time
 from typing import Tuple
@@ -264,6 +265,7 @@ def send_apdu(self, cla, ins, p1, p2, data, le, encrypt: bool = True):
         cla |= 0x04
 
         if encrypt:
+            logger.log(LOG_LEVEL.TRAFFIC, "Plaintext data: %s", data.hex())
             data = self._state.encrypt(data)
 
         # Calculate and add MAC to data
@@ -278,6 +280,7 @@ def send_apdu(self, cla, ins, p1, p2, data, le, encrypt: bool = True):
             resp = self._state.unmac(resp, sw)
             if resp:
                 resp = self._state.decrypt(resp)
+                logger.log(LOG_LEVEL.TRAFFIC, "Plaintext resp: %s", resp.hex())
 
         return resp, sw
 

yubikit/securedomain.py

@@ -273,7 +273,7 @@ def store_ca_issuer(self, key: KeyRef, ski: bytes) -> None:
         )
         logger.info("CA issuer SKI stored")
 
-    def delete_key(self, kid: int, kvn: int, delete_last: bool = False) -> None:
+    def delete_key(self, kid: int = 0, kvn: int = 0, delete_last: bool = False) -> None:
         """Delete one (or more) keys.
 
         Requires OCE verification.