Yubico/yubico-piv-tool

No ability to target a specific YubiKey with more than one YubiKey connected.

dnesting opened this issue · 5 comments

Opening a new request per #287 for my use case. I also have situations where I need to work with multiple YubiKeys simultaneously. The recommended option in the linked issue is to use list-readers, however this is my situation:

$ yubico-piv-tool -a list-readers
Yubico YubiKey FIDO+CCID 01
Yubico YubiKey FIDO+CCID

The 01 appears to be added to give some way of disambiguating, but it doesn't actually work. Both strings above connect to the same YubiKey (maybe it's just doing a prefix match?) and even if it worked, it won't be stable since it depends on what order keys are found in, and whether the second YubiKey uses the same string as the first.

Is it possible to select based on serial number? This is an obvious unique identifier that's printed on the side of my YubiKeys and would be easy for me to incorporate into my workflow. I could even have my automation validate the right YubiKey was inserted and eliminate one type of issue caused by human error.

You can specify an exact match by prefixing with the at-sign '@'; by default it does a substring match. The '01' part is added by the PCSC subsystem outside of yubico-piv-tool's control. How it makes reader names unique depends on the PCSC subsystem, i.e. pcsc-lite, Windows or the macOS PCSC-compatible API.

You are right that it is not stable, and selecting by serial would be a nice added feature. However, the list is stable as long as you don't remove or insert USB devices recognized as smart card readers by PCSC.

@dnesting is your use case solved by the above (modulo the stability caveat) for now?

It doesn't, but I've worked around the issue for now. One of my use cases involves provisioning, so I can't just leave keys in the device. If this becomes worth the squeeze I might look into a PR. Thanks for the response.

Ok, closing this issue now. Thanks for reporting.
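An added example, not from this thread or from the yubico-piv-tool project: a shell helper that maps a serial number to its current reader name by querying each listed reader with the '@' exact-match prefix described above, so a provisioning script can confirm the intended key before writing to it. It assumes the `status` action prints a `Serial Number:` line; `PIV_TOOL` and `find_reader_by_serial` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: resolve a YubiKey serial number to an exact PC/SC reader name.
# PIV_TOOL is a hypothetical override; by default the real binary is used.
: "${PIV_TOOL:=yubico-piv-tool}"

# Print the reader whose device reports serial $1.
# Returns 1 if no reader, or more than one reader, reports that serial.
# The body runs in a subshell "( ... )" so its variables stay local.
find_reader_by_serial() (
    want="$1"
    match=""
    count=0
    readers=$("$PIV_TOOL" -a list-readers 2>/dev/null) || return 1
    while IFS= read -r reader; do
        [ -n "$reader" ] || continue
        # '@' forces an exact reader-name match. Without it the name is a
        # substring match, so "... FIDO+CCID" also matches "... FIDO+CCID 01".
        # Assumption: status output contains a "Serial Number:" line.
        serial=$("$PIV_TOOL" -r "@${reader}" -a status 2>/dev/null </dev/null |
                 sed -n 's/^Serial Number:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
        if [ "$serial" = "$want" ]; then
            match="$reader"
            count=$((count + 1))
        fi
    done <<EOF
$readers
EOF
    # Refuse to guess: exactly one reader must report the requested serial.
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$match"
)

# Usage (12345678 is a constructed serial, not a real device):
#   reader=$(find_reader_by_serial 12345678) || { echo "key not found" >&2; exit 1; }
#   yubico-piv-tool -r "@${reader}" -a status
```

Because reader names change when devices are inserted or removed, resolve the name immediately before each operation instead of caching it.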