This is a quick update - we just wanted to let you know that Signata version 1.1.1 is now available from the Signata website, and brings in a crucial feature - Device Imports!
We had originally planned to incorporate this in the 1.0.0 release, we just trimmed it from the list of things to add so we could release it faster. We hoped we wouldn't have too many users yet that had already configured their PIV applets (but that turned out to be a bad assumption on our part!).
If you know your existing Management Key (a.k.a. the 9B key) and PUK for your YubiKey, then you can provide those and we'll add your device into Signata using them instead of generating new ones. If you do use this, please just be careful with the keys you provide - if you've got them wrong, and you fail to import your device multiple times, then you run the risk of admin-blocking your YubiKey. This isn't fatal to your YubiKey, but to manage the smart card part of your YubiKey again you will need to factory reset the PIV applet on it, wiping all keys you've stored on there. The U2F and OTP parts of your YubiKey will remain untouched.
There are a couple of other caveats with this feature:
- We don't check the quality of the keys you provide. If you provide the factory default keys, then that security risk lies with yourself. Remember that the factory default keys will allow someone to reset your PIN, and thus take ownership of your YubiKey if they can access it.
- We don't yet have the renew feature working for imported devices. You'll notice the option will be disabled - we're looking into how we can handle this simply for you, as we need a mechanism for importing your other certificates to restore them (or just totally ignoring them).
- We don't support devices that have been configured to use your PIN in lieu of your management key - the point of Signata is to manage these complicated keys for you so you only need to remember your recovery passphrase. If you desperately want this feature, please ask us and we can look into adding support for it.
- Please don't change your management key with a different application after you import the device into Signata - this will prevent us from future management of it. We can provide a mechanism to update it yourself later, if you wish (just ask us!).