Re: xz backdoor
- To: Pierre-Elliott Bécue <peb@debian.org>, Luca Boccassi <bluca@debian.org>
- Cc: debian-devel@lists.debian.org
- Subject: Re: xz backdoor
- From: thomas@goirand.fr
- Date: Mon, 01 Apr 2024 10:59:07 +0200
- Message-id: <[🔎] 3602302d-c88c-43e4-a031-c17031473b53@goirand.fr>
- In-reply-to: <87jzliy3vv.fsf@daath.pimeys.fr>
- References: <ZgcgCR8uDPIXVJS_@akarlsso-mac.trudheim.com> <87a5mgkcn4.fsf@hope.eyrie.org> <875xx4k9bv.fsf@hope.eyrie.org> <36567ed4-7246-4466-9122-2934d6e9f18f@debian.org> <Zgg3Gm0aGIdQCMua@bongo.bofh.it> <845606FD-868C-4509-A0B1-5B43228CACF7@riseup.net> <9b21d870fa7b67add8c4f52016012bd3@kvr.at> <ZgjI6eznpC34xsbs@novelo> <ZgkLUpYx8qf9I_Jv@belkar.wrar.name> <20240331072156.lasu37crgaluzmcb@shell.thinkmo.de> <CAMw=ZnSAu1tY+pHWvfGV_0w9zMmtwhezP8TcweS81WLEWPsi-Q@mail.gmail.com> <87jzliy3vv.fsf@daath.pimeys.fr>
On Mar 31, 2024 2:37 PM, Pierre-Elliott Bécue <peb@debian.org> Wrote:
> The PGP submodule of a Yubikey can host 3 keys, one signing, one
> authent, and one encrypt. ISTR accessing the signing key is always
> prompting for the PIN. Same for the encryption key. (I think both can be
> configured otherwise)
Only for the signing operation, one can turn on the "force-sig" option so that the key always prompt for a pin. And that is not the default.
Thomas
Reply to: