Closed hayleyjames closed 3 years ago
ericchiang
commented
3 years ago Also, wanted to say thanks for the PR! Apologies for some if some of the "insecure" comments seem dramatic. For security relevant code, I always find it helpful to optimize for reviewers (so they can see an "Insecure..." variable) and developers who are approaching this for the first time.
hayleyjames
commented
3 years ago Thank you for reviewing my PR!
Adding an insecure warning is a good idea. The command is a Yubico extension to PIV. You can find the yubico-piv-tool implementation here and the documentation here.
I don't think an InsecureAllowImportedPrivateKeys flag would work because we can't differentiate between an empty slot and an imported key.
Would naming the function SetPrivateKeyInsecure be appropriate?
ericchiang
commented
3 years ago "SetPrivateKeyInsecure" works for me
ericchiang
commented
3 years ago Tests passed on my Macbook.
lgtm. Can you squash your changes into a single commit? I'll merge after.
hayleyjames
commented
3 years ago Thanks for reviewing my changes! The tests also pass on Windows 10.
ericchiang
commented
3 years ago Thanks for your contribution! This has been included in the v1.7.0 tag https://github.com/go-piv/piv-go/releases/tag/v1.7.0
Issue #77 discusses whether this library should support this feature. My use case for implementing this is to be able to create backup Yubikeys with the same private key.
Tested on: Ubuntu 20.04.1 LTS