On 12/02/2016 06:50 PM, Leeteqxv wrote:
> Is it not possible to configure this to having the Yubikey require the
> person to press the key button manually/physically?
> If not, such a limitation would lie in the software rather than in the
> Yubikey, I assume, since the Yubikey support Challenge-Response and such
> already? If possible, it is definetely preferable to work around
> potential PIN theft and subsequent hidden (mis)use by requiring a
> manual/physical action.

The problem here is that products that can be used as OpenPGP smart
cards, like the Yubikey, can't just make arbitrary features like
challenge-response for secret key operations. They need to implement the
OpenPGP specification so that all software that works with them (GnuPG,
OpenKeychain, others) can implement the same spec, and everything can just.

The spec currently supports requiring a PIN to do secret key operations,
with rate limiting that makes too many invalid PIN guesses locks the
card. In order to support challenge-response as well I think the OpenPGP
smart card spec would need to get updated, which is a much longer
process that just writing some new software.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to