Marecki wrote:
I wonder, has anyone here ever tried to use a YubiKey 4 in PIV mode to store the root CA key for Windows Active Directory Certificate Services, and if so could I find the procedure documented somewhere? the "Configuring a CA for Smart Card Authentication" section of YubiKey PIV Deployment Guide says nothing about what cryptographic provider to use, all the documentation I have seen so far seems to assume only keys other than the root CA to be generated in YubiKeys, and when I simply tried to choose either the standard Windows SmartCard Store cryptographic provider or the OpenSC CSP Windows informed me the card was read-only.
Thank you in advance for any suggestions!
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Why not import the pem/pfx to the Yubikey using piv-tool or the Yubikey PIV Manager?
For some reason the yubikey PIV applet reports as read only, and neither the Microsoft or opensc stacks can write to PIV slots, so certificates have to be imported/generated using Yubikey's own set of tools.
It would be good to know why Yubikey won't let applications overwrite its PIV slots when other competitors (such as PIVkey) would, using non standard APIs can be rather cumbersome.
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJYmzYmAAoJEKa4nBz3AlIIYb8IAJqFIt6NENmOLfg3rkd3zNQZ
/NUJDVq0/ChiRXwpt//jkb4F0AVL2nQJFEOu5JFVRXyRE/W7u6SHcmw797fT3/OK
zDsuO68fioUKgpoQiL0op2OyeG/5TxcWDpAQYoEFSFOR2NxUMF3aUyIE53BbDcRK
oljhmSBl5gEqtdvEwGQYMfDwkXe2e7+q2pFkAjDJqm97kRW5cWQAbaKVCE950N1K
BcyHxdzsb8dzNBAujUkc/dTccC+x+gEPe2Ku/iGBoFRB8v2k6ARc1XEAy20HPpNJ
Fj8hHbGshAwNUZ1moyKet85JW+nU5TNhxIK+D4aQdFqoAdCyAvpJwiWxI/n1K24=
=84bS
-----END PGP SIGNATURE-----Statistics: Posted by Mathieulh — Wed Feb 08, 2017 4:16 pm
]]>