On 12/02/2016 06:50 PM, Leeteqxv wrote: > Is it not possible to configure this to having the Yubikey require the > person to press the key button manually/physically? > If not, such a limitation would lie in the software rather than in the > Yubikey, I assume, since the Yubikey support Challenge-Response and such > already? If possible, it is definetely preferable to work around > potential PIN theft and subsequent hidden (mis)use by requiring a > manual/physical action.
The problem here is that products that can be used as OpenPGP smart cards, like the Yubikey, can't just make arbitrary features like challenge-response for secret key operations. They need to implement the OpenPGP specification so that all software that works with them (GnuPG, OpenKeychain, others) can implement the same spec, and everything can just. The spec currently supports requiring a PIN to do secret key operations, with rate limiting that makes too many invalid PIN guesses locks the card. In order to support challenge-response as well I think the OpenPGP smart card spec would need to get updated, which is a much longer process that just writing some new software. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b55411b-5d84-6919-3e6e-1be2b8e429a7%40micahflee.com. For more options, visit https://groups.google.com/d/optout.