Re: Strange issues with libykcs11 under macOS

2018-01-03T16:35:27+01:00

Found a solution myself. Since my primary goal was to use all PIV slots, I found a solution from opensc to get the "retired" slots working. The current 2017 version is already ready for this. What was missing is to describe with a Key History object how to use those slots for opensc. For the yubikey 4: To make the certificates appear in keychain. In short:

Code:

echo -n C10114C20100FE00 | yubico-piv-tool -k -a write-object --id 0x5FC10C -i -

will activate all 20 slots as purpose for X509 certificate + key. With that said, ykcs11 is no longer needed.

Statistics: Posted by yze — Wed Jan 03, 2018 4:35 pm

Strange issues with libykcs11 under macOS

2018-01-03T00:04:27+01:00

I have installed yubikey-piv-tools via brew.

using my Yubikey 4 works for e.g. SSH login but get before being prompted for PIN for each installed PIV certificate a:

C_GetAttributeValue failed: 6

e.g. example:

Code:

% ssh-keygen -D /usr/local/lib/libykcs11.dylib -e
C_GetAttributeValue failed: 6
[...]

using opensc-pkcs11.so doesn't show the error and works similar, however can't use the extra slots.

what struggles me, however is that openvpn doesn't show any certs (while opensc does):

Code:

% openvpn --show-pkcs11-ids /usr/local/lib/libykcs11.dylib

The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
%

It is a little suprising that opensc works while Yubikey's own implementation with its own device fails... I would have expected the opposite way.
The reasons why I wanted to use ykcs11 rather opensc one is the fact I can use the "retired" slots for openvpn and I do not consume the rare NIST Slots (9x) for that. Did anyone get openvpn going on macOS with ykcs11. Anything to debug that? Buggy code?

Cheers,
Yze

Statistics: Posted by yze — Wed Jan 03, 2018 12:04 am

Yubico Forum

Re: Strange issues with libykcs11 under macOS

Strange issues with libykcs11 under macOS