cached touch policy

[deadc0de6]

Is there a way to set the touch policy to cached when using a yubikey for pgp and ssh ?

Found a way to do it for PIV (https://developers.yubico.com/PIV/Introduction/Yubico_extensions.html) but ykman doesn't seem to provide that option.

[emlun]

Sorry, no, there isn't. The hardware supports this for PIV only. We might add this feature (still for PIV only) to ykman sometime, but nothing is decided about it at this point.

[emlun]

Wait, sorry, actually it's already implemented in ykman. Still only for PIV, though.

[deadc0de6]

ok thanks

[tyhicks]

@emlun can you point me in the right direction for requesting hardware support of cached touch policy for OpenPGP? It makes sense that this ykman issue was closed out since the hardware support isn't there so I think the next step is to request hardware support.

[dagheyman]

@tyhicks Happy to inform you that any device with firmware version 5.2.3 or higher supports cached touch policy for OpenPGP. You'll need ykman 3.1.0 to set it.

[tyhicks]

@dagheyman That's great to hear! I'll have to upgrade to a 5 series device sometime soon and give it a shot. Thanks!