Currently we are asked this for each key that can sign:
Threshold of role root is 2
Sign using xyz Yubikey? [y/N]:
Instead, each yubikeys dict in key description should have a "present": true/false. if it is true, then should request a
signature. If false, should not. Once we have certificate signing requests (CSR), a CSR for each not-present root key should
be created. Until we have CSR, all root keys must be present.
Currently we are asked this for each key that can sign:
Instead, each
yubikeys
dict in key description should have a"present": true/false
. if it is true, then should request a signature. If false, should not. Once we have certificate signing requests (CSR), a CSR for each not-present root key should be created. Until we have CSR, all root keys must be present.