-
Notifications
You must be signed in to change notification settings - Fork 99
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically verify PIN in sign_data to support always-auth keys #326
base: master
Are you sure you want to change the base?
Conversation
4c6483a
to
bfc5993
Compare
bfc5993
to
6223e9f
Compare
061b665
to
90d34bf
Compare
90d34bf
to
0ec341e
Compare
Could you please confirm that this PR would automatically prompt for PIN only when the token returns NOT_LOGGED_IN, as opposed to when the driver thinks it should...? |
This is a simplistic solution, simply verifying pin everytime something tries to perform a signature. The pin will be taken from the command line if given, otherwise it will be requested (once). Previously there was no automatic pin verification, you had to specify -averify-pin on the command line to actually verify the pin. The --pin option would only specify the pin value to be used by -averify-pin, not verify it on it's own. So -averify-pin would seem to be able to solve the problem, but the issue was that other commands would perform more than one command with the YubiKey, invalidating the PIN again for always-auth keys. With this solution there will be too many PIN verifications for normal keys, but that is not really a problem as the pin will be kept in memory. This whole reasoning only applies to yubico-piv-tool and not libykcs11. |
0ec341e
to
b7583c4
Compare
See also #338. Still considering security implications of that one. |
b7583c4
to
0c55e0b
Compare
0c55e0b
to
24bdc75
Compare
24bdc75
to
a2da92d
Compare
@qpernil any updates on this? |
@mmatuska The PR had been put on hold for a while when other issues had to be prioritized. We are, however, planing to take a closer look at this before the end of the year. |
Verify PIN in sign_data to be able to use always-authenticate keys in commands that perform more than one operation, potential fix for #321. This means -averify-pin is not needed any more, any command that signs will verify (and prompt for if not given already) the PIN automatically. The action is retained in case someone wants to just verify the PIN.