piv: fixes for older YubiKey versions #59

ericchiang · 2020-05-12T02:17:21Z

This change:

Introduces a fallback when creating a PrivateKey if the YubiKey
doesn't support attestation certificates.
Fixes tests for older YubiKeys.
Notes a bug in PIN caching for older YubiKeys.

Despite the spec[1], older YubiKeys don't let you determine if a PIN is
or isn't needed. This makes it impossible for the package to figure out
if a PIN is cached or we need to prompt. Add a BUG comment warning
against PINPolicyOnce for older YubiKeys.

[1]
https://csrc.nist.gov/CSRC/media/Publications/sp/800-73/4/archive/2015-05-29/documents/sp800_73-4_pt2_draft.pdf#page=20

Fixes #55

This change: * Introduces a fallback when creating a PrivateKey if the YubiKey doesn't support attestation certificates. * Fixes tests for older YubiKeys. * Notes a bug in PIN caching for older YubiKeys. Despite the spec[1], older YubiKeys don't let you determine if a PIN is or isn't needed. This makes it impossible for the package to figure out if a PIN is cached or we need to prompt. Add a BUG comment warning against PINPolicyOnce for older YubiKeys. [1] https://csrc.nist.gov/CSRC/media/Publications/sp/800-73/4/archive/2015-05-29/documents/sp800_73-4_pt2_draft.pdf#page=20

ericchiang mentioned this pull request May 12, 2020

Tests failing on older YubiKeys #55

Closed

ericchiang merged commit 2184bb6 into master May 12, 2020

ericchiang deleted the version branch May 12, 2020 02:19

This was referenced May 12, 2020

smart card error 6d00 with YubiKey 4.2.8 FiloSottile/yubikey-agent#14

Closed

piv: fix version comparisons in tests #61

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

piv: fixes for older YubiKey versions #59

piv: fixes for older YubiKey versions #59

ericchiang commented May 12, 2020

piv: fixes for older YubiKey versions #59

piv: fixes for older YubiKey versions #59

Conversation

ericchiang commented May 12, 2020