search

Yubico / yubikey-manager-qt

Cross-platform application for configuring any YubiKey over all USB interfaces.
https://developers.yubico.com/yubikey-manager-qt/
BSD 2-Clause "Simplified" License
237 stars 29 forks source link

Enabling or disabling multiple NFC or USB interfaces at once using ykman config #298

Open sunknudsen opened 3 years ago

sunknudsen commented 3 years ago

Is it possible to enable or disable multiple NFC or USB interfaces at once using ykman config nfc or ykman config usb?

When running ykman config usb --enable multiple times in a row, Error: No YubiKey detected! is thrown.

ykman config usb --enable OTP --force
ykman config usb --enable U2F --force
ykman config usb --enable FIDO2 --force
ykman config usb --enable OATH --force
ykman config usb --enable PIV --force
ykman config usb --enable OPENPGP --force
ykman config usb --enable HSMAUTH --force
Error: No YubiKey detected!
Error: No YubiKey detected!

I tried following and neither worked.

$ ykman config usb --enable "OTP,U2F" --force
Usage: ykman config usb [OPTIONS]
Try 'ykman config usb -h' for help.

Error: Invalid value for '-e' / '--enable': invalid choice: OTP,U2F. (choose from OTP, U2F, FIDO2, OATH, PIV, OPENPGP, HSMAUTH)
$ ykman config usb --enable "OTP U2F" --force
Usage: ykman config usb [OPTIONS]
Try 'ykman config usb -h' for help.

Error: Invalid value for '-e' / '--enable': invalid choice: OTP U2F. (choose from OTP, U2F, FIDO2, OATH, PIV, OPENPGP, HSMAUTH)

“Feature” would be amazing to increase speed of scripted YubiKey provisioning given sleep has to be used otherwise (unless I am missing something).

$ for interface in OTP U2F; do ykman config usb --enable $interface --force; sleep 1; done
dainnilsson commented 3 years ago

The reason repeated invocations to config may fail is that it requires the YubiKey to reboot, which in turn causes the OS to have to re-enumerate the device, and sometimes takes a while.

You can repeat the -e/--enable option, as well as combine it with -d/--disable (which can also be repeated), so you can do things like ykman config usb --enable otp --enable u2f or ykman config usb -d otp -e u2f -e fido2 -d piv.

sunknudsen commented 3 years ago

@dainnilsson I didn’t know we could repeat --enable and --disable arguments and mix them. Thanks for sharing! Amazing!

sunknudsen commented 3 years ago

Curious, would it be possible to have ykman optionally wait for YubiKey reboot before terminating (perhaps using --wait argument).

This would be helpful when using both ykman config nfc and ykman config usb commands one after the other.

dainnilsson commented 3 years ago

We've just released ykman CLI 4.0.7 which should handle this better. I don't think you should have any problems invoking those commands back to back in this version.

sunknudsen commented 3 years ago

Thanks for heads-up @dainnilsson!

sunknudsen commented 3 years ago

@dainnilsson Release has not been published to https://developers.yubico.com/yubikey-manager-qt/Releases/ right?

dainnilsson commented 3 years ago

That's correct. The update is to the yubikey-manager project (CLI), not this one (GUI). Unfortunately I don't think we'll have a new release of the GUI until late October.