Request PIN before certificate generation if PIN policy is "always"

We also correctly ask for a PIN touch after the key is generated (which
does not need it) but before certificate generation (which does if the
touch policy is not "none").

Closes str4d/age-plugin-yubikey#101.
This commit is contained in:
Jack Grigg
2023-01-03 02:09:57 +00:00
parent e26ed3a163
commit 45f6580be4
3 changed files with 34 additions and 6 deletions
+4
View File
@@ -20,6 +20,10 @@ to 0.3.0 are beta releases.
`age-plugin-yubikey` won't request a PIN entry to decrypt a file with an
identity that has a PIN policy of `once`.
### Fixed
- Identities can now be generated with a PIN policy of "always" (in previous
versions of `age-plugin-yubikey` this would cause an error).
## [0.3.2] - 2023-01-01
### Changed
- The "sharing violation" logic now also sends SIGHUP to any `yubikey-agent`