yubikey.rs
yubikey.rs copied to clipboard
PIV: Support AES management keys
Historically, YubiKey's PIV applet only supported 3DES management keys. However, YubiKeys with firmware 5.4 and up (produced starting from May 2021) support AES-128, AES-192, and AES-256 management keys, which are allowed at least as early as NIST SP 800-78-2 (released in 2010).
We should add support for AES management keys, to enable people who want to migrate away from the default 3DES keys to do so.