Yubico/yubikey-piv-manager

No UI elements to configure touch capabilities

Closed this issue · 6 comments

So one must use the CLI version for the most important feature of YK.

The feature is actually present in the GUI, but disabled by default for some reason unknown to me.
To enable it, just add this value to the registry:

HKEY_LOCAL_MACHINE\Software\Yubico\YubiKey PIV Manager\touch_policy_slots
REG_MULTI_SZ
"9a", "9c", "9d", "9e"

Update: I have created a GUI that can unlock the Touch and PIN policies (and control some other settings) in the form of an Administrative Template.
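An added example, not part of the original comment or of Yubico's code: one way to write the value quoted above from PowerShell and confirm it was stored as a `REG_MULTI_SZ` with one bare slot ID per entry. The key path, value name and slot list are taken from the comment; the checks are assumptions about what is worth verifying.

```powershell
# Added example. Path, value name and slot IDs are the ones quoted in the comment above.
$path  = 'HKLM:\Software\Yubico\YubiKey PIV Manager'
$name  = 'touch_policy_slots'
$slots = @('9a', '9c', '9d', '9e')   # one string per entry, no quote characters or commas

# Writing under HKEY_LOCAL_MACHINE requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Create the key (and any missing parent keys) if it does not exist yet.
if (-not (Test-Path -LiteralPath $path)) {
    New-Item -Path $path -Force | Out-Null
}

# -PropertyType MultiString maps to REG_MULTI_SZ; each array element becomes one line.
New-ItemProperty -LiteralPath $path -Name $name -PropertyType MultiString `
    -Value $slots -Force | Out-Null

# Read the value back and check both its type and its contents.
$key    = Get-Item -LiteralPath $path
$kind   = $key.GetValueKind($name)
$stored = @($key.GetValue($name))

if ($kind -ne [Microsoft.Win32.RegistryValueKind]::MultiString) {
    throw "Expected MultiString (REG_MULTI_SZ), found $kind."
}

# An entry such as '"9a",' means the quotes were typed into the value itself.
$malformed = @($stored | Where-Object { $_ -notmatch '^[0-9a-f]{2}$' })
if ($malformed.Count -gt 0) {
    throw "Unexpected entries: $($malformed -join ' | ')"
}

"{0} = {1} ({2})" -f $name, ($stored -join ', '), $kind
```

As noted later in this thread, the policy options appear only while generating or importing a private key, so an existing key shows no change after the value is set.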

I didn't find "Yubico" node in hierarchy under HKEY_LOCAL_MACHINE, but found it under HKEY_CURRENT_USER.

Didn't work when I entered the values:


Also tried without the quotes. Where in the PIV manager am I supposed to see the touch policy? I don't see it in:

  • Main view
  • File > Settings
  • Certificates > Authentication (I have a pre-existing certificate, if that makes any difference)
  • Manage device PINs

I am running PIV manager 1.4.2 on Windows 10.

The PIN and Touch policies are only available while generating or importing a new private key. For security reasons, they cannot be changed afterwards.

Ok, makes sense now that you mentioned the security reasons - that it's only available for key generation and import.

I found it and managed to get it to work, thanks @MichaelGrafnetter, you're awesome! 👍

emlun commented

Thank you @MichaelGrafnetter for answering this! Looks like we can close this issue; you're welcome to re-open it if there's something more to discuss.