Attestation cert failure when generating key locally #91
Comments
The attestation certificate is necessary to extract the PIN policy of the slot. If there is a way to obtain it for imported keys, you should open an issue or PR with piv-go. If not, the best we can do is hardcode it, and it's unclear to what value. Note that imported keys are not officially supported.
@FiloSottile - would you be open to a command line flag to override the PIN policy? That way if the user imported a key, or is using an old Yubikey where piv-go is forced to assume PINPolicyAlways, the user can specify what the actual PIN policy is. Based on a quick look through, the only change would be getting the flag value into If you think that's reasonable, I'd be happy to submit a PR for that
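What the first comment describes, as an added example (not code from yubikey-agent or piv-go): YubiKey attestation certificates carry the slot's PIN policy in the Yubico extension 1.3.6.1.4.1.41482.3.8, so a key with no attestation certificate has no policy to read. The helper names, the self-signed sample certificate and the `override` parameter are assumptions constructed here; `override` stands in for the flag proposed above and is consulted only when no attestation certificate exists.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Yubico PIV attestation extension: byte 0 is the PIN policy, byte 1 the touch policy.
var oidPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 41482, 3, 8}
var pinPolicies = map[byte]string{1: "never", 2: "once", 3: "always"}

// pinPolicy reads the PIN policy from att; with no cert it needs override (hypothetical flag).
func pinPolicy(att *x509.Certificate, override string) (string, error) {
	if att == nil {
		if override == "never" || override == "once" || override == "always" {
			return override, nil
		}
		return "", errors.New("no attestation cert and no valid override")
	}
	for _, e := range att.Extensions {
		if e.Id.Equal(oidPolicy) && len(e.Value) == 2 && pinPolicies[e.Value[0]] != "" {
			return pinPolicies[e.Value[0]], nil
		}
	}
	return "", errors.New("attestation cert carries no usable PIN policy")
}

// sampleAttestation builds a constructed, self-signed stand-in for a slot attestation cert.
func sampleAttestation(pin, touch byte) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // throwaway all-zero test key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidPolicy, Value: []byte{pin, touch}}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	att, _ := sampleAttestation(2, 1) // constructed: PIN once, touch never
	fmt.Println(pinPolicy(att, ""))
}
```

With a `nil` certificate and an empty override the function returns an error instead of guessing a policy, which is the case an imported key falls into.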
Hey folks,
I generated an ECDSA 256 key + certificate locally and added them to my Yubikey. Now, when trying to use yubikey-agent, I get this error:
failed to prepare private key: get attestation cert: data object or application not found
I assume this has something to do with my key not being generated on-device. Is there any way to get around this?
Thanks.