You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
age --decrypt -i <identity-1> -i <identity-2> FILE
The problem is:
If I have the yubikey with <identity-1> plugged in, it works, but if I have the one with <identity-2> it does not.
Executing the above command manually brings up a popup to choose between skipping the yubikey or inserting it and trying it again, so I got this error:
age: warning: could not read value for age-plugin-yubikey: standard input is not a terminal, and /dev/tty is not available: open /dev/tty: no such device or address
age: error: yubikey plugin: Could not open YubiKey with serial <serial>
If I change the order to (still: yubikey with <identity-2> is plugged in), it works:
age --decrypt -i <identity-2> -i <identity-1> FILE
Could this be handled to make the decryption successful if any of the provided identities are ok? Am I missing something?
The text was updated successfully, but these errors were encountered:
The underlying issue is the interactive prompt generated when the plugin fails to find the YubiKey for the identity it is attempting to use.
i.e.
Please insert YubiKey with serial xxxxxxxx (press [1] for "YubiKey is plugged in" or [2] for "Skip this YubiKey")
I would have voiced my desire for this prompt to be made optional, with the alternative being automatically skip an indentoity if the YubiKey it is associated to is not present.
However, I think doing so would cause another issue whereby the PIN would be required for each decryption (at least for all but the first key in the identity file). I imagine the issue arises from an attempt to access a key that is not present closing the existing session on the present key (see also).
Hello,
Thanks for this plugin!
My scenario is:
age-plugin-yubikey --list-all
)age-plugin-yubikey --identity
)For this, I am using https://github.com/ryantm/agenix and I realized it does the following:
The problem is:
If I have the yubikey with
<identity-1>
plugged in, it works, but if I have the one with<identity-2>
it does not.Executing the above command manually brings up a popup to choose between skipping the yubikey or inserting it and trying it again, so I got this error:
If I change the order to (still: yubikey with
<identity-2>
is plugged in), it works:Could this be handled to make the decryption successful if any of the provided identities are ok? Am I missing something?
The text was updated successfully, but these errors were encountered: