-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use ykman
instead of yubikey-personalization
#101
Comments
Yes, that is something we can/should do. |
I'm probably being a bit obtuse right now, but didn't
Agreed, that would be nice. Although that begs the question: Which of the two yubikey packages should be a dependency, and which should be an optional dependency? Or should we specify both as optdepends? |
No, ykchalresp can take anything up to 64 byte length, it doesn't need to be hex. I used sha256 only because this way it's always a valid challenge while user typed one longer than 64 byte won't be valid. In my testing the responses for the same challenge are different though which makes this a no-go as it breaks all current users:
|
BTW: there is https://github.com/Frederick888/ykchalresp-nfc which we support to some degree. |
That output looks strange. What could produce that difference? |
I found the fact ykman encodes challenge as hex is the answer. If I call ykchalresp in hex mode then the output matches:
In default mode those tools aren't compatible with each other. I think backward compatibility is crucial so ykman support could be only introduced as opt-in. |
I agree - and thanks for looking into it. We would need to make it backwards compatible. |
Note that in Arch ykman (yubikey-manager) package depends on yubikey-personalization so all users always need them both installed. |
I don't see why that dependency is defined as such. These specific tools don't have a dependency per se. |
I've looked into that – it was needed until a while ago, now the dependency is unused and will probably be removed sooner or later: https://bugs.archlinux.org/task/73290 |
I added commit #103 please test it. |
My patch keeps old challenge working and therefor, it can replace yk-personalization. |
Currently, this project uses the YubiKey Personalization Tool which is no longer under active development. It would be nice for
yubikey-full-disk-encryption
to instead use YubiKey Manager which has more features. I would be especially interested in this because the YubiKey Personalization Tool does not seem to support NFC, which I need.Would you be willing to merge a pull request that implements this? I'm currently a bit busy, but I might be able to get this done in a few weeks.
The text was updated successfully, but these errors were encountered: