Can't remove credential with fido2-token (throws error)

[solsticedhiver]

Hi. I have a brand new Security Key 5 by Yubico.

I have tested it on webauth.io and I am now trying to remove that credential.
However this fails:

 $ fido2-token -L
/dev/hidraw5: vendor=0x1050, product=0x0402 (Yubico YubiKey FIDO)
$ fido2-token -L -r /dev/hidraw5
Enter PIN for /dev/hidraw5: 
00: dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA= webauthn.io
$ fido2-token -D -i 'dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA=' /dev/hidraw5
Enter PIN for /dev/hidraw5: 
fido2-token: fido_credman_del_dev_rk: FIDO_ERR_NO_CREDENTIALS

Is there something wrong with fido2-token? Is it me because I am doing it wrong? How to do it then?

What else can I use to remove that credential? It did not seem possible at all with yubikey-manager, neither with yubkey-personalisation.

Thanks

[LDVG]

Hi,

fido2-token -L -r produces a list of relying parties with discoverable credentials on the device. The identifier that you've copied is the hash of the RP ID, but you need to pass the Credential ID to fido2-token -D -i.

$ # Produce a list of relying parties with discoverable credentials on the devce:
$ fido2-token -L -r /dev/hidraw8
Enter PIN for /dev/hidraw8:
00: dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA= webauthn.io

$ # Produce a list of discoverable credentials for a particular RP
$ fido2-token -L -k webauthn.io /dev/hidraw8
Enter PIN for /dev/hidraw8:
00: JsZc3mmQQy4S52G6fAMwjFn2t4yrImsmFtYGcVqo9gEF7ke5Gz9XXHZoVEtKQMvg foobar OUh4NTZLNnJpeUtGblVCQXo0TjF4RDJGWHRRbE1VM3ZfenIyS3Z4OVhJdw== es256 uvopt+id

$ # Delete a credential with a particular credential ID
$ fido2-token -D -i JsZc3mmQQy4S52G6fAMwjFn2t4yrImsmFtYGcVqo9gEF7ke5Gz9XXHZoVEtKQMvg /dev/hidraw8
Enter PIN for /dev/hidraw8:

$ fido2-token -L -k webauthn.io /dev/hidraw8
Enter PIN for /dev/hidraw8:
fido2-token: fido_credman_get_dev_rk: FIDO_ERR_NO_CREDENTIALS

Hope this helps!

[solsticedhiver]

ooooK. It's a 2 steps process. I did not read carefully enough the man page, it seems.

Thank you very much