Yubico
[Feat] PIV: Manage Retired Key Slots
It seems like PIV menu only allows the user to manage the first 4 slot. I was wondering if we can extend that to retired slot so that we can do basic management on those slot without the need to use PIV tools (which is for more advanced use case).
We do support Retired Key Slots Management. If the retired slots contain a certificate and/or key (i.e. are non-empty), they will be displayed and available for basic management operations such as exporting or deleting certificates, and deleting or moving keys. This feature is mainly intended for the new 5.7 firmware where you’re able to move keys between slots.
Oh, I was thinking if we could manually import keys to those retired slots for older keys without using the PIV tool.
Nothing we have planned for now, but we may add support for this in a future release.
We do support Retired Key Slots Management. If the retired slots contain a certificate and/or key (i.e. are non-empty), they will be displayed and available for basic management operations such as exporting or deleting certificates, and deleting or moving keys. This feature is mainly intended for the new 5.7 firmware where you’re able to move keys between slots.
so moving is a feature only added in 5.7? how were you supposed to do retired key management on older yubikey as iirc the slots existed even on the older Yubikey 5s maybe even the 4 series.
