Client check for YubiKey private key touch/pin policies #32264

Merged
Joerger merged 3 commits into master from joerger/piv-client-side-attestation
Sep 29, 2023
Joerger (Contributor) commented Sep 20, 2023

Preemptively check YubiKey private key touch/pin policies on the client side.

Reviewing commit by commit should be easier, as the last commit is mostly refactors.

Prerequisite for #31732

@Joerger Joerger force-pushed the joerger/piv-client-side-attestation branch from 97d3f06 to 550cf20 Compare September 28, 2023 18:25
Joerger (Contributor, Author) commented Sep 28, 2023

@atburke @r0mant friendly ping to review

@Joerger Joerger added this pull request to the merge queue Sep 29, 2023
Merged via the queue into master with commit 2c53f04 Sep 29, 2023
@Joerger Joerger deleted the joerger/piv-client-side-attestation branch September 29, 2023 00:27
Joerger added a commit that referenced this pull request Oct 12, 2023
* Preemptively check yubikey private key touch/pin policies on the client side.

* Replace hardware key signer functions with private key methods.

* Refactor overwrite/generate key logic.
@Joerger Joerger mentioned this pull request Oct 12, 2023
github-merge-queue Bot pushed a commit that referenced this pull request Oct 12, 2023
* Refactor PIV metadata certificate logic (#32250)

* Change PIV metadata cert to be self signed by an ephemeral key so it can be signed without touch/pin.

* Refactor touch prompt logic.

* Prompt user before overwriting non-teleport certificates instead of just returning an error.

* Update RFD and Docs.

* Address CR.

* Export some methods and variables for use in tests.

* Address comments.

* Make Hardware Key unit test interactive (#32235)

* Make yubikey unit test interactive and add to test plan.

* Move yubikey hardware signer method tests to interactive yubikey test.

* Remove hardware key interactive unit test from testplan

* Client check for YubiKey private key touch/pin policies (#32264)

* Preemptively check yubikey private key touch/pin policies on the client side.

* Replace hardware key signer functions with private key methods.

* Refactor overwrite/generate key logic.

* Have hardware_key_touch count towards MFA verification instead of replacing the normal MFA verification flow. (#31663)

3 participants