FiloSottile / yubikey-agent

yubikey-agent is a seamless ssh-agent for YubiKeys.
https://filippo.io/yubikey-agent
BSD 3-Clause "New" or "Revised" License
2.6k stars 124 forks

Some way to get randomly generated management key #112

Open dupuy26 opened 2 years ago

dupuy26 commented 2 years ago

The use of the retired key slots of PIN-protected metadata to store a randomly generated management key is a nice hack and better than the YubiKey management keys derived from the PIN.

But other tools (like ykman) don't support this hack, and with no way to get the management key it is hard to use the extra PIV slots for other purposes. It would be very helpful to have some way to retrieve the management key.

tusing commented 2 years ago

This issue is solved in https://github.com/FiloSottile/yubikey-agent/pull/53. I was able to successfully retrieve and change my management key after building it.

0xrnair commented 1 year ago

> This issue is solved in #53. I was able to successfully retrieve and change my management key after building it.

Hi, do you have an example of how you retrieved your management key with piv-go?

dupuy26 commented 11 months ago

The fix in #53 was to add an option to yubikey-agent, not to modify piv-go. So there is as yet no way to get the management key with piv-go.

Since #53 was closed without merging, the only way to retrieve the management key would be to check out https://github.com/wlcx/yubikey-agent/commit/ae6cd1498270fa419f00a12ca43a320f0cd40682 from wlcx's fork of yubikey-agent and build that, then run the command `yubikey-agent -get-management-key`.