Yubikey enhancement: adds feature set to support multiple slots #474
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bsingh-kpt
force-pushed
the
yubikey_enhancements
branch
from
6f13d7e to
5d65e54
Compare
Owner
|
Generally, this is one large PR to support multiple features. Splitting things would be much easier to review. |
Foxboron
requested changes
Nov 1, 2025
bsingh-kpt
force-pushed
the
yubikey_enhancements
branch
4 times, most recently
from
2dc811e to
e54db7d
Compare
Author
|
@Foxboron Did you had the time to test the changes? |
Owner
|
I haven't had time. Sorry. The PR is not super high on my list as the code is a big hard to review and the commit is doing several things. The description is also point list which is not great. It would be nicer if there where multiple commits describing each atomic change. |
Following features are implemented: 1. Multiple slots of yubikey can be used 2. Algorithm support for RSA2048 and RSA3072 for yubikey type only 3. --keytype options enhancement. For yubikey and for each key type SB hierarchy algorithm and slot can be specified. For example, to create a RSA3072 key in slot 9a, --keytype yubikey:RSA3072:9a can be used. Different algorithm and slot can be chosen for each SB key type 4. Subject DN in openssl style can also be specified for certificate generation for each key type 5. KeyConfig is enahanced to support Algorithm and slot for yubikey type only 6. Added key file existence check so that only missing keys are created with create-keys command and avoids unintentional key overwrite 7. Check key certificate first in yubikey and then fallback to its attestation cert if key cert is missing 8. Also supports yubikey retired key slots 9. Adds --prompt option to enable pin prompt for yubikey 10. Adds custom management key support when default is replaced
bsingh-kpt
force-pushed
the
yubikey_enhancements
branch
from
e54db7d to
49ae129
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Following features are implemented: