Option to make yubikey connection shared #160

Closed
wants to merge 6 commits into from

@sgrb sgrb commented Nov 7, 2024

Add Shared field to Client struct, which switches access mode to SCARD_SHARE_SHARED.

It is required if the Yubikey is used by multiple applications (for example, by a VPN client and yubikey-agent). The currently used SCARD_SHARE_EXCLUSIVE mode prevents opening the Yubikey if any other app (e.g., openvpn) is currently using the key.

@ericchiang
Collaborator

Hey @sgrb, thanks for the PR!

One of the complications in shared mode is that we can't assume that another client hasn't changed the application. I believe that means we'd want to call ykSetApplication every time this library makes a call:

https://github.com/go-piv/piv-go/pull/108/files#diff-df0547c1ba82a52ddc813111d1b6343d3a9715ec46154460b1d5685decc0065eR120

So I think this requires more significant updates to the codebase?

On a related note, I'm in the process of getting a newer yubikey to test some of the more recent firmwares and might be able to take up #108 again.
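
The concern in the comment above, as an added Go simulation that is not part of this PR or of piv-go: the selected applet is state on the card, so in shared mode a second client can change it between calls. The `card` type, the applet names "PIV" and "OTHER", and the mutex standing in for a PC/SC transaction are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// card simulates a token in shared mode; the selected applet is card-wide state.
type card struct {
	mu       sync.Mutex // stands in for a PC/SC transaction (constructed)
	selected string
}
var errWrongApplet = errors.New("PIV command reached a different applet")

// pivCommand succeeds only while the PIV applet is the selected one.
func (c *card) pivCommand() error {
	if c.selected != "PIV" {
		return errWrongApplet
	}
	return nil
}

// callAssumingSelected trusts the SELECT made when the card was opened.
func callAssumingSelected(c *card) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.pivCommand()
}

// callWithReselect selects PIV inside the same transaction as the command.
func callWithReselect(c *card) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.selected = "PIV"
	return c.pivCommand()
}

// run opens the card, lets a second client select its own applet, then calls.
func run(call func(*card) error) error {
	c := &card{selected: "PIV"}
	c.mu.Lock()
	c.selected = "OTHER" // constructed second client using the same key
	c.mu.Unlock()
	return call(c)
}

func main() {
	fmt.Println(run(callAssumingSelected), run(callWithReselect))
}
```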

@sgrb
Author

sgrb commented Nov 7, 2024

> One of the complications in shared mode is that we can't assume that another client hasn't changed the application. I believe that means we'd want to call ykSetApplication every time this library makes a call:

Maybe you're right, I'm not an expert in the Yubikey API. But at least I have been using this configuration (shared mode for yubikey-agent and openvpn simultaneously) without problems every day for more than a year. Perhaps it works for me because I don't use other applications - only PIV and OTP (which actually emulates an input device and doesn't require an application change, I suppose).

Your PR of course looks more elaborate, so I'll close this one.

@sgrb sgrb closed this Nov 7, 2024
@ericchiang
Collaborator

Sounds good, thanks for the note that this mode has been working for you!
