[KNOWN ISSUE] FIPS YubiKey 5.7+: TryChangeManagementKey() fails due to incorrect default key algorithm (TDES instead of AES192)
Closed this issue · 0 comments
DennisDyallo commented
Problem
For a FIPS series YubiKey v5.7 and greater, the following line will currently not work and will throw an exception with the status code 0x6A80.
pivSession.TryChangeManagementKey();
Reason
This is because the v5.7 and FIPS keys require the management key to be of type AES192. The above code is a default overload which naively assumes the default key should be TripleDes (TDES).
Workaround
Change your code to this, explicitly stating which type of management key you want to use, and it will work.
pivSession.TryChangeManagementKey(PivTouchPolicy.Default, PivAlgorithm.Aes192);
We are aware of this issue and will issue a fix in the next release.
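The workaround above, extended into a full rotation that picks the algorithm per device; this is an added example, not part of the original issue or Yubico's own code. The class and method names `ManagementKeyRotation`, `PickAlgorithm` and `Rotate` are hypothetical, the 5.7 firmware cut-off is taken from the issue text, and it assumes .NET 6+ with one YubiKey connected that still has the factory-default management key.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

public static class ManagementKeyRotation
{
    // Assumption from the issue: firmware 5.7+ (FIPS included) needs AES-192;
    // older firmware keeps the Triple-DES management key.
    public static PivAlgorithm PickAlgorithm(IYubiKeyDevice device) =>
        device.FirmwareVersion >= new FirmwareVersion(5, 7, 0)
            ? PivAlgorithm.Aes192
            : PivAlgorithm.TripleDes;

    public static bool Rotate(IYubiKeyDevice device, byte[] currentKey, byte[] newKey)
    {
        using var piv = new PivSession(device);
        piv.KeyCollector = data =>
        {
            switch (data.Request)
            {
                case KeyEntryRequest.ChangePivManagementKey:
                    if (data.IsRetry) return false;   // current key rejected: stop, do not loop
                    data.SubmitValues(currentKey, newKey);
                    return true;
                case KeyEntryRequest.Release:         // SDK signals it is done with the key data
                    return true;
                default:
                    return false;
            }
        };
        // Explicit overload from the workaround; avoids the TDES default that yields 0x6A80.
        return piv.TryChangeManagementKey(PivTouchPolicy.Default, PickAlgorithm(device));
    }

    public static void Main()
    {
        IYubiKeyDevice device = YubiKeyDevice.FindAll().First();
        // Factory-default PIV management key (24 bytes); both TDES and AES-192 keys are 24 bytes.
        byte[] currentKey = Convert.FromHexString("010203040506070801020304050607080102030405060708");
        byte[] newKey = RandomNumberGenerator.GetBytes(24);
        try { Console.WriteLine($"Changed: {Rotate(device, currentKey, newKey)}"); }
        finally
        {
            CryptographicOperations.ZeroMemory(currentKey);
            CryptographicOperations.ZeroMemory(newKey); // store it securely before this in real use
        }
    }
}
```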