Q1. What is the problem that you are trying to solve?
We manage our logins primarily over YubiKeys. But this is not possible everywhere, since some services require passwords. So I hoped that we could use passbolt (Pro) to manage these passwords, and I tried the demo. But when a new user is registered, the browser plugin asks for his private key, which he can’t provide since it is securely stored on the YubiKey… (The whole idea is that it can’t be extracted from there.)
And it seems that it even tries to save the keys on disk, so these keys are burned forever for use in 2FA.
Since you can’t change them, it doesn’t help to change keys.
Q2 - Who is impacted?
Everybody who wants to use their YubiKey for more than passbolt alone.
Q3 - Why is it important and/or urgent?
Since we are required to use 2FA, we could not use passbolt if it stays the way that you need private keys on disk.
Q4 - What is your proposed solution? (optional)
The browser plugin should only ask about the public key at registration, since it doesn’t require the private key if you are using 2FA.