No UI elements to configure touch capabilities

[martinpaljak]

So one must use the CLI version for the most important feature of YK.

[MichaelGrafnetter]

The feature is actually present in the GUI, but disabled by default for some reason unknown to me. To enable it, just add this value to the registry:

HKEY_LOCAL_MACHINE\Software\Yubico\YubiKey PIV Manager\touch_policy_slots REG_MULTI_SZ "9a", "9c", "9d", "9e"

[MichaelGrafnetter]

Update: I have created a GUI that can unlock the Touch and PIN policies (and control some other settings) in the form of an Administrative Template.

[joonas-fi]

I didn't find "Yubico" node in hierarchy under HKEY_LOCAL_MACHINE, but found it under HKEY_CURRENT_USER.

Didn't work when I entered the values:

Also treid without the quotes. Where in the PIV manager am I supposed to see the touch policy? I don't see it in:

• Main view
• File > Settings
• Certificates > Authentication (I have a pre-existing certificate, if that makes any difference)
• Manage device PINs

I am running PIV manager 1.4.2 on Windows 10.

[MichaelGrafnetter]

The PIN and Touch policies are only available while generating or importing a new private key. For security reasons, they cannot be changed afterwards.

[joonas-fi]

Ok, makes sense now that you mentioned the security reasons - that it's only available for key generation and import.

I found it and managed to get it to work, thanks @MichaelGrafnetter, you're awesome! 👍

[emlun]

Thank you @MichaelGrafnetter for answering this! Looks like we can close this issue; you're welcome to re-open it if there's something more to discuss.