Yubikey support! #108
I want to get the balance right between "I just took a yubikey out of a box and want to start using it to sign things" and more advanced yubikey users/workflows where they might be reusing the same hardware for FIDO2/U2F etc., or they have specially provisioned corporate yubikeys that have already been set up with a fixed management key.
Also, I'd hope most of this logic ends up in the http://github.com/sigstore/sigstore client/libraries so it can be used for all artifact types!
I see what you mean. On the one hand it's nice to be able to set this up for users, that is a really good UX. On the other, if we get them to set up using the upstream tool, we won't get any blowback if they can no longer log into their bank. Perhaps a warning?
I know this is super hacky, but feel free to borrow any ideas from it: https://github.com/OR13/lds-pgp2021/blob/main/bin/cli.js#L134 I have tested it with Yubikey.
I think one might be even more explicit and say something like:
Yubikeys usually have two slots, so there's always the option of using slot #2 by default, but even then one can't assume it's not already configured :)
Co-authored-by: red-hat-trusted-app-pipeline <123456+red-hat-trusted-app-pipeline[bot]@users.noreply.github.com>
We should be able to support storing keys in yubikeys!
https://github.com/go-piv/piv-go
https://github.com/go-piv/go-ykpiv