Change touch policy from always to cached

This will change the key that's generated when running `yubikey-agent -setup` to a key with a touch policy of "cached". This will mean that "a touch is not needed if the YubiKey had been touched in the last 15 seconds, otherwise a touch is needed" Fixes FiloSottile#146
gene1wood · Dec 3, 2023 · 41262f2 · 41262f2
1 parent 2e5376c
commit 41262f2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/setup.go b/setup.go
@@ -140,7 +140,7 @@ func runSetup(yk *piv.YubiKey) {
 	pub, err := yk.GenerateKey(key, piv.SlotAuthentication, piv.Key{
 		Algorithm:   piv.AlgorithmEC256,
 		PINPolicy:   piv.PINPolicyOnce,
-		TouchPolicy: piv.TouchPolicyAlways,
+		TouchPolicy: piv.TouchPolicyCached,
 	})
 	if err != nil {
 		log.Fatalln("Failed to generate key:", err)