Setup fails with changed defaults in recent Yubikeys

[upsj]

More recent Yubikey firmwares seem to default to AES instead of 3DES for the PIV management key, which causes the key generation to fail with a nondescript error message ‼️ The default Management Key did not work

This is currently being discussed in https://github.com/go-piv/piv-go/issues/146, but in the meantime, https://github.com/sigstore/cosign/issues/3742 provides a workaround how to switch back to 3DES

[Natorator]

Can confirm. This just happened to me on a new Yubikey 5 nano firmware v5.7.1. The linked workaround solved the problem.