step-ca or step-kms-plugin fails to sign with a key imported into the YubiKey. The cause of this is because we attest the slot to get the public key. We also support the workaround of getting the certificate in the same slot. But we can easily support imported keys without the workaround if we use KeyInfo to get the public key, it would be something like this:
```go
func (k *YubiKey) getPublicKey(slot piv.Slot) (crypto.PublicKey, error) {
	ki, err := k.yk.KeyInfo(slot)
	if err != nil {
		return nil, err
	}
	// not sure if this can be nil
	if ki.PublicKey == nil {
		return nil, errors.New("error retrieving public key")
	}
	return ki.PublicKey, nil
}
```
KeyInfo is only supported on YubiKeys with a version >= 5.3.0, so we might need to fall back to Attest and Certificate.
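The fallback order suggested above, as an added example that is not part of the original issue or the step-ca code: it tries KeyInfo on firmware 5.3.0 or later, then Attest, then the certificate in the slot. The `source` struct and the `fake` helper are hypothetical stand-ins for the device calls, and the key is a constructed placeholder.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/x509"
	"errors"
	"fmt"
)

// source is a hypothetical stand-in for the YubiKey calls (not the piv-go types).
type source struct {
	version             [3]int // major, minor, patch
	keyInfo             func(slot uint32) (crypto.PublicKey, error)
	attest, certificate func(slot uint32) (*x509.Certificate, error)
}

// publicKey returns the slot's public key and the name of the source that supplied it.
func publicKey(d source, slot uint32) (crypto.PublicKey, string, error) {
	if v := d.version; v[0] > 5 || (v[0] == 5 && v[1] >= 3) { // KeyInfo needs >= 5.3.0
		if pub, err := d.keyInfo(slot); err == nil && pub != nil {
			return pub, "keyinfo", nil
		}
	}
	if cert, err := d.attest(slot); err == nil {
		return cert.PublicKey, "attest", nil
	}
	if cert, err := d.certificate(slot); err == nil {
		return cert.PublicKey, "certificate", nil
	}
	return nil, "", fmt.Errorf("slot %#x: no public key source available", slot)
}

// fake builds a constructed device in which imported keys cannot be attested.
func fake(version [3]int, imported, hasCert bool) source {
	pub := ed25519.PublicKey(make([]byte, ed25519.PublicKeySize)) // placeholder key
	certIf := func(ok bool) func(uint32) (*x509.Certificate, error) {
		return func(uint32) (*x509.Certificate, error) {
			if !ok {
				return nil, errors.New("not available")
			}
			return &x509.Certificate{PublicKey: pub}, nil
		}
	}
	keyInfo := func(uint32) (crypto.PublicKey, error) { return pub, nil }
	return source{version, keyInfo, certIf(!imported), certIf(hasCert)}
}

func main() { fmt.Println(publicKey(fake([3]int{5, 2, 7}, true, true), 0x9a)) }
```

An imported key on firmware older than 5.3.0 with no certificate in the slot is the one case that still returns an error.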