OpenSSH in openSUSE also seems to be patched to link to libsystemd, thus linking to liblzma. Hence, Tumbleweed should be affected. 😔 #openSUSE #Linux #liblzma #lzma #xz #ssh #infosec
This version comes with substantial updates to the openpgp-card-state dependency (which handles User PIN storage for OpenPGP card devices, see https://codeberg.org/openpgp-card/state).
It now supports selecting different PIN storage backends, including one to store the User PIN directly in the config file.
PIN verification error cases are now handled more defensively.
This release shows more output for error cases, both in the log output, and with GUI notifications.
I also published an updated version 0.0.3 of https://crates.io/crates/openpgp-card-state, which contains a low-level CLI tool to help with debugging/development. This version gives more debugging output for error cases.
This release should fix build issues (the previous version didn't build on Mac).
However, we're still exploring how secret storage works on non-Linux platforms. Expect a bumpy ride if you try it.
(If you do delve into debugging on Mac or Windows, we'd love to hear from you!)
TIL about Secretive, "an app for storing and managing SSH keys in the [Mac’s] Secure Enclave". It has no external dependencies and comes with a #macOS native management app. Nice!
It contains exciting UX changes: after one-time initial setup, no user interaction is required.
The User PIN for cards is persisted in platform-specific secret storage. For all users whose threat model allows persisting PINs on the host (presumably most), this removes PIN entry.
Required touch confirmation on the card (if enabled) is signaled with desktop notifications.