Closed rajil closed 3 years ago
There can be only one value for YKFDE_CHALLENGE
in 1fa setup. You can use the same value for multiple keys which will still result with different luks passwords per key (unless you cloned AES secrets for multiple keys) which need to be enrolled separately.
Considering above I don't see value in having multiple YKFDE_CHALLENGE
for 1fa while it would complicate using multiple keys.
@rajil Hope that the above clarifies it. I'll close the issue for now.
Hello,
I am using the primary key was 1FA which is working well. However, I want to register my secondary key incase the primary one gets lost.
At the moment i have populated YKFDE_CHALLENGE="" with the string which the key emits on short touch. This passphrase is set by Yubico as a factory setting. My backup key has a different default passphrase. Can YKFDE_CHALLENGE accept multiple passphrase corresponding to each of my yubikey?
Thanks