offset wrote:
Is it possible to configure the Yubikey 4 to allow signature without requiring a PIN prompt?
Scenario is prevent extraction of the private key but still allowing signing operations.
Would like this for Windows and Mac OS
No, nor should you seek to enable such functionality. This would enable a compromised host to sign as many things as it wanted, and you would never know. Don't know what you mean about "prevent extraction but still allow signing"; it does still allow signing, you just have to enter your pin (and it increments the counter, so you can see if a host
is compromised because you'll notice that the counter no longer accurately reflects how many signatures you had actually authorized.)
Login
FAQ
Search
