On Tue, Feb 25, 2025 at 01:50:26AM +0100, nusenu via tor-relays wrote:
> Will this become an official torproject product which will be maintained long term?
I talked with the team about this yesterday.
It will be an official Tor product, but the software is still considered experimental at the moment. This is why the README now contains a new section regarding the key generation. The recommended approach is now to generate the key on a live system, back it up to an external storage device, and import it to the Yubikey in the end. This ensures that if the software stops working for whatever reason, you still have access to the private key material and can use it as usual.
The long-term plan is to eventually integrate this into arti, but this requires further work on both ends: arti and the Rust-Yubikey ecosystem.
> For large operators, this is a show stopper. Will this limit likely be (significantly) increased in future yubikey releases?
Unfortunately I do not have information on this.
It might be worth looking into key derivation here in order to deterministically derive an unlimited number of private keys from a Yubikey. This is, however, something where I feel my knowledge is quite limited, and it would probably destroy a few security guarantees of a hardware module.
Thank You
Clara