Add support for AES management keys
str4d opened this issue · 1 comments
str4d commented
Once iqlusioninc/yubikey.rs#330 is resolved, we should start using PIN-protected AES management keys for YubiKeys that support them. We should also migrate YubiKeys that we previously configured to use a PIN-protected TDES management key, if AES is supported.
str4d commented
We want to ensure that a YubiKey set up by age-plugin-yubikey
is usable with yubikey-agent
, so we use the same management setup (PIN-protected management key, PUK set to PIN) as yubikey-agent
. We therefore need to synchronise on AES management key usage, which means we also need to block on go-piv/piv-go#109.