age-plugin-yubikey icon indicating copy to clipboard operation
age-plugin-yubikey copied to clipboard

Published 20 hours ago verified publisher icon str4d

Add support for AES management keys

Open str4d opened this issue 2 years ago • 3 comments
trafficstars

Once https://github.com/iqlusioninc/yubikey.rs/issues/330 is resolved, we should start using PIN-protected AES management keys for YubiKeys that support them. We should also migrate YubiKeys that we previously configured to use a PIN-protected TDES management key, if AES is supported.

str4d avatar Dec 30 '22 11:12 str4d

We want to ensure that a YubiKey set up by age-plugin-yubikey is usable with yubikey-agent, so we use the same management setup (PIN-protected management key, PUK set to PIN) as yubikey-agent. We therefore need to synchronise on AES management key usage, which means we also need to block on https://github.com/go-piv/piv-go/issues/109.

str4d avatar Jan 01 '23 17:01 str4d