agherzan / yubikey-full-disk-encryption

Use YubiKey to unlock a LUKS partition
Apache License 2.0

1FA and multiple Yubikey #80

Closed rajil closed 3 years ago

rajil commented 3 years ago

Hello,

I am using the primary key with 1FA, which is working well. However, I want to register my secondary key in case the primary one gets lost.

At the moment I have populated YKFDE_CHALLENGE="" with the string which the key emits on short touch. This passphrase is set by Yubico as a factory setting. My backup key has a different default passphrase. Can YKFDE_CHALLENGE accept multiple passphrases corresponding to each of my YubiKeys?

Thanks

Vincent43 commented 3 years ago

There can be only one value for YKFDE_CHALLENGE in a 1FA setup. You can use the same value for multiple keys, which will still result in different LUKS passwords per key (unless you cloned AES secrets for multiple keys), which need to be enrolled separately.

Considering the above, I don't see value in having multiple YKFDE_CHALLENGE for 1FA, while it would complicate using multiple keys.
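
The point made in the reply above, as an added example that is not part of the original thread or of the project's code: one shared challenge sent to two keys with different secrets gives two different passphrases, so each key needs its own LUKS key slot. It assumes the keys answer with HMAC-SHA1 over the challenge and that the response is used directly as the passphrase; the secrets, the challenge value and the `ToyLuksHeader` class are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: two 20-byte slot secrets and one shared challenge.
PRIMARY_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
BACKUP_SECRET = bytes.fromhex("ffeeddccbbaa99887766554433221100ffeeddcc")
YKFDE_CHALLENGE = "constructed-challenge"


def key_response(secret: bytes, challenge: str) -> str:
    """Assumed model of a challenge-response slot: hex HMAC-SHA1(secret, challenge)."""
    return hmac.new(secret, challenge.encode(), hashlib.sha1).hexdigest()


class ToyLuksHeader:
    """Hypothetical stand-in for LUKS key slots: one passphrase verifier per slot."""

    def __init__(self):
        self.slots = {}

    def enroll(self, slot: int, passphrase: str) -> None:
        self.slots[slot] = hashlib.sha256(passphrase.encode()).digest()

    def unlock(self, passphrase: str) -> list:
        """Return the slots this passphrase opens (an empty list means unlock fails)."""
        probe = hashlib.sha256(passphrase.encode()).digest()
        return [s for s, v in sorted(self.slots.items()) if hmac.compare_digest(v, probe)]


def run_demo() -> dict:
    primary = key_response(PRIMARY_SECRET, YKFDE_CHALLENGE)
    backup = key_response(BACKUP_SECRET, YKFDE_CHALLENGE)
    header = ToyLuksHeader()
    header.enroll(1, primary)              # only the primary key is enrolled so far
    backup_before = header.unlock(backup)  # the backup key cannot unlock yet
    header.enroll(2, backup)               # separate enrollment for the backup key
    return {
        "responses_differ": primary != backup,
        "backup_before_enroll": backup_before,
        "primary_slots": header.unlock(primary),
        "backup_slots": header.unlock(backup),
        # A key carrying a copy of the primary's secret yields the same passphrase.
        "clone_slots": header.unlock(key_response(PRIMARY_SECRET, YKFDE_CHALLENGE)),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```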

agherzan commented 3 years ago

@rajil Hope that the above clarifies it. I'll close the issue for now.