Open stronny opened 3 years ago
Hello! This is not implemented, simply because I never used the PIV module, but I definitely want to support this 🙂
Right now GPG detection is based on a bunch of hacks. Ideally we should find a way to support the CCID protocol, just like we already do with FIDO; then both GPG and PIV detection would just work. Problem is, I don't know enough of such low-level stuff to implement this 😬
In any case, do you have a simple way for me to reproduce this? What is the simplest command I could run to trigger a touch request?
Generate a cert in the 9a slot with touch policy enabled and open this: https://server.cryptomix.com/secure/
Come to think of it, maybe it's less useful for the traditional HTTPS flow, because depending on the setup it may require a touch for any and all requests, which will render the key unusable. Having said that, PIV detection would not be completely superfluous, because I believe there are circumstances where this will still be useful, even for HTTPS (the cert is only required for a "login" page that sets a cookie or somesuch).
Just a note: if you use the PIV module for GPG, e.g. using https://github.com/alonbl/gnupg-pkcs11-scd, then you will still get notified properly.
Apologies for me being unclear: is PIV supported and I'm experiencing a bug, or is this a planned feature?