Add support for AES management keys

Question

Add support for AES management keys

str4d opened this issue 2 years ago · 1 comments

Once iqlusioninc/yubikey.rs#330 is resolved, we should start using PIN-protected AES management keys for YubiKeys that support them. We should also migrate YubiKeys that we previously configured to use a PIN-protected TDES management key, if AES is supported.

Answer 1 · 2023-01-01T17:07:19.000Z

We want to ensure that a YubiKey set up by age-plugin-yubikey is usable with yubikey-agent, so we use the same management setup (PIN-protected management key, PUK set to PIN) as yubikey-agent. We therefore need to synchronise on AES management key usage, which means we also need to block on go-piv/piv-go#109.