add flags to specify slot, PIN, and touch policies for security keys #369

ddz · 2021-06-14T01:21:07Z

This permits flexibility to use different PIN and touch policies
for container signing. Key generation will use the default PIN
and touch policies for the specified slot unless additional flags
are set to attempt to override the default. The security key is
not guaranteed to honor a particular PIN and touch policy for the
specified slot.

Signed-off-by: Dino A. Dai Zovi ddz@theta44.org

This permits flexibility to use different PIN and touch policies for container signing. Key generation will use the default PIN and touch policies for the specified slot unless additional flags are set to attempt to override the default. The security key is not guaranteed to honor a particular PIN and touch policy for the specified slot. Signed-off-by: Dino A. Dai Zovi <ddz@theta44.org>

dlorenc · 2021-06-14T01:48:14Z

Nice! Just pulled your branch and ran the yubikey tests that don't work in CI:

$ go test ./test -tags=resetyubikey,e2e,pivkey -count=1
ok      github.com/sigstore/cosign/test 19.086s

ddz · 2021-06-14T12:21:57Z

Thank you for the quick response and merge!

dlorenc approved these changes Jun 14, 2021

View reviewed changes

dlorenc merged commit 9de98f9 into sigstore:main Jun 14, 2021

cpanato added this to the v0.6.0 milestone Jun 14, 2021

ddz deleted the ddz/add-piv-slot-flag branch June 27, 2021 16:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add flags to specify slot, PIN, and touch policies for security keys #369

add flags to specify slot, PIN, and touch policies for security keys #369

ddz commented Jun 14, 2021

dlorenc commented Jun 14, 2021

ddz commented Jun 14, 2021

add flags to specify slot, PIN, and touch policies for security keys #369

add flags to specify slot, PIN, and touch policies for security keys #369

Conversation

ddz commented Jun 14, 2021

dlorenc commented Jun 14, 2021

ddz commented Jun 14, 2021