On 2022/06/01 23:06, Pascal Stumpf wrote: > The first part is an update of py-fido2 to 0.9.3. The second part > updates yubikey-manager to 4.0.8 and makes it use the py-fido2 port > again. Contrary to the comment in py-fido2, this does not require an > update of py-click.
I updated that comment, you will need to cvs up and merge. I'm OK with updating py-fido (the current yubikey-manager port doesn't use it so there's no problem on that front). > With this, I can manage the FIDO application on my YubiKey, set a > PIN and find out if there's an SSH key stored. I can also access what > is there in terms of OpenPGP and PIV functionality. That's an improvement. I have 5C (5.43 firmware) and NEO (3.34); in both 3.1.2 and 4.0.8 I can run one fido command but that's all, any further attempt to use fido commands fails until I disconnect/reconnect the device. OpenPGP, PIV, OATH, OTP work for me with both 3.1.2 and 4.0.8. The only difference I have noticed between the two versions is OTP no longer working in 4.x; I don't see that it has fixed anything that didn't work before for me. > However, OTP slot management does not work anymore. That's a > regression. The reason is that ykman now tries to access this > functionality via the raw uhid device on Linux and there's no backend to > do this on OpenBSD. For me that's a show-stopper for the update. > Even if one were to write a backend mimicking the > functionality, it would require chown'ing device nodes. I am going to ignore this because it is no different with either version and I will probably say something that gets me yelled at. > I don't know if updating it is a good idea. At this stage I don't think so, though I wouldn't object to adding it as yubikey-manager-4.xx in security/yubico/yubikey-manager4 alongside the existing 3.x.
