Some way to get randomly generated management key

[dupuy26]

The use of the retired key slots of PIN protected metadata to store a randomly generated management key is a nice hack and better than the Yubikey management keys derived from the PIN.

But other tools (like ykman) don't support this hack, and with no way to get the management key it is hard to use the extra PIV slots for other purposes. It would be very helpful to have some way to retrieve the management key.

[tusing]

This issue is solved in #53. I was able to successfully retrieve and change my management key after building it.

[0xrnair]

This issue is solved in #53. I was able to successfully retrieve and change my management key after building it.

Hi, do you have an example on how you retrieved your management key with piv-go ?

[dupuy26]

The fix in #53 was to add an option to yubikey-agent, not to modify piv-go. So there is as yet no way to get the management key with piv-go.

Since #53 was closed without merging, the only way to retrieve the management key would be to checkout wlcx@ae6cd14 from wicx's fork of yubikey-agent and build that, then run the command yubikey-agent -get-management-key.