On 2022/06/01 23:06, Pascal Stumpf wrote:
> The first part is an update of py-fido2 to 0.9.3. The second part
> updates yubikey-manager to 4.0.8 and makes it use the py-fido2 port
> again. Contrary to the comment in py-fido2, this does not require an
> update of py-click.

I updated that comment, you will need to cvs up and merge.

I'm OK with updating py-fido (the current yubikey-manager port doesn't
use it so there's no problem on that front).

> With this, I can manage the FIDO application on my YubiKey, set a
> PIN and find out if there's an SSH key stored. I can also access what
> is there in terms of OpenPGP and PIV functionality. That's an improvement.

I have 5C (5.43 firmware) and NEO (3.34); in both 3.1.2 and 4.0.8 I can run
one fido command but that's all, any further attempt to use fido commands
fails until I disconnect/reconnect the device.

OpenPGP, PIV, OATH, OTP work for me with both 3.1.2 and 4.0.8.

The only difference I have noticed between the two versions is OTP no
longer working in 4.x; I don't see that it has fixed anything that didn't
work before for me.

> However, OTP slot management does not work anymore. That's a
> regression. The reason is that ykman now tries to access this
> functionality via the raw uhid device on Linux and there's no backend to
> do this on OpenBSD.

For me that's a show-stopper for the update.

> Even if one were to write a backend mimicking the
> functionality, it would require chown'ing device nodes.

I am going to ignore this because it is no different with either version
and I will probably say something that gets me yelled at.

> I don't know if updating it is a good idea.

At this stage I don't think so, though I wouldn't object to adding
it as yubikey-manager-4.xx in security/yubico/yubikey-manager4
alongside the existing 3.x.