Doesn't detect touch request by PIV module #22
Comments
|
Hello! This is not implemented, simply because I never used PIV module, but I definitely want to support this 🙂 Right now GPG detection is based on a bunch of hacks, ideally we should find a way to support CCID protocol, just like we already do with FIDO, then both GPG and PIV detection would just work. Problem is - I don't know enough of such low level stuff to implement this 😬 In any case, do you have a simple way to reproduce for me, what is the simplest command I could run to trigger touch request? |
|
Generate a cert in 9a slot with touch policy enabled and open this https://server.cryptomix.com/secure/ |
|
Coming to think about it maybe it's less useful for traditional HTTPS flow, because depending on a setup it may require a touch for any and all requests, which will render the key unusable. Having said that, PIV detection would not be completely superfluous because I believe there are circumstances where this will still be useful, even for HTTPS (cert is only required for a "login" page that sets a cookie or somesuch). |
|
Just a note, if you use PIV module for GPG, e.g using https://github.com/alonbl/gnupg-pkcs11-scd, then you will still get notified properly. |
Apologies for me being unclear whether the PIV is supported and I'm experiencing a bug or is this a planned feature?
The text was updated successfully, but these errors were encountered: