Although ykman piv xxxx (the cli for Yubikey Manager) could be used as a replacement for yubico-piv-tool and it does already supports this management key derivation from PIN, the fact is that a lot of the documentation uses yubico-piv-tool so it would be good if yubico-piv-tool supported this.
If there is already a decision not to support this, it would least it if could detect that the "management key derivation from PIN" is activated on the Yubikey and give a more concrete error message like "management key protected by PIN use ykman instead of yubico-piv-tool"
The PIV guide https://developers.yubico.com/PIV/Guides/Device_setup.html hints setting up the YubiKey using a management keyderived from PIN with
But after doing that
yubico-piv-toolwill fail withFailed authentication with the application: Authentication error.in commands like:The culprit is explained at https://github.com/Yubico/yubico-piv-tool/issues/153#issuecomment-401263248 where they explain the the management key derived from PIN is not supported by
yubico-piv-tool.Although
ykman piv xxxx(the cli for Yubikey Manager) could be used as a replacement foryubico-piv-tooland it does already supports this management key derivation from PIN, the fact is that a lot of the documentation usesyubico-piv-toolso it would be good ifyubico-piv-toolsupported this.If there is already a decision not to support this, it would least it if could detect that the "management key derivation from PIN" is activated on the Yubikey and give a more concrete error message like "management key protected by PIN use ykman instead of yubico-piv-tool"
Related ##153