Encrypting to an identity requires the plugin binary, and there is a
reasonable expectation that the same (or a later) plugin binary version
will be used to decrypt, so we can assume support for the preferred
recipient type.
We now indicate to the user that AES management key algorithms are not
yet supported, and tell them how to change their management key to use
TDES.
Closesstr4d/age-plugin-yubikey#135.
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we
can migrate to, this will mean that users get correctly notified
of incorrect PUK entry, instead of being told it is an incorrect
PIN issue.
Some SmartCard readers report this error when no SmartCard is inserted,
so we need to check for it when filtering for connected YubiKeys (along
with `pcsc::Error::RemovedCard` which some _other_ SmartCard readers
report instead).
Closesstr4d/age-plugin-yubikey#81.
If multiple YubiKeys were connected, and the one we needed for plugin
encryption or decryption was not first in the list of readers, any
YubiKeys before it were being reset upon drop. We now explicitly
disconnect without resetting, since we only access these YubiKeys as a
side-effect of finding the one we need.
This method only connects to YubiKeys in order to confirm it can do so
(i.e. as a side-effect). We therefore want to explicitly disconnect
without resetting the YubiKeys, to avoid clearing PIN caches.
The user call-to-action will instead be implemented on the client side,
where it can be done in a more forgiving way (allowing the user some
time to react before prompting them that it is waiting on the plugin).
We also detect the specific case where the PIN returned by the user is
likely a YubiKey OTP, generated by the user touching it early.
Closesstr4d/age-plugin-yubikey#37.