User gets asked to touch the yubikey, even when the key was created without touch enabled

notaryproject / notary

Notary is a project that allows anyone to have trust over arbitrary collections of data

Apache License 2.0

3.23k stars 510 forks source link

User gets asked to touch the yubikey, even when the key was created without touch enabled #276

Open diogomonica opened 8 years ago

diogomonica commented 8 years ago

Steps to replicate:

Create a key on the yubikey and not setting TOUCH
Use notary to generate a root key
See that the text "Please touch the yubikey" appears twice, but the yubikey doesn't actually wait for the touch

cyli commented 8 years ago

@a-dma IIRC from our conversation, we can't find out, using the PKCS11 library, if a key requires touch before actually trying to sign it, right?

a-dma commented 8 years ago

Correct.

endophage commented 8 years ago

Going to take this out of 0.3 milestone. The assumption is the key was loaded using the notary client which will always set the touch enabled flag. Very few to no users should be encountering this problem, it's only our own testing that we see the odd messaging.

Long term we should find a way to fix it but not a priority right now.