Yubico Forum

I have installed yubikey-piv-tools via brew.

using my Yubikey 4 works for e.g. SSH login but get before being prompted for PIN for each installed PIV certificate a:

C_GetAttributeValue failed: 6

e.g. example:



using opensc-pkcs11.so doesn't show the error and works similar, however can't use the extra slots.

what struggles me, however is that openvpn doesn't show any certs (while opensc does):



It is a little suprising that opensc works while Yubikey's own implementation with its own device fails... I would have expected the opposite way.
The reasons why I wanted to use ykcs11 rather opensc one is the fact I can use the "retired" slots for openvpn and I do not consume the rare NIST Slots (9x) for that. Did anyone get openvpn going on macOS with ykcs11. Anything to debug that? Buggy code?

Cheers,
Yze

Found a solution myself. Since my primary goal was to use all PIV slots, I found a solution from opensc to get the "retired" slots working. The current 2017 version is already ready for this. What was missing is to describe with a Key History object how to use those slots for opensc. For the yubikey 4: To make the certificates appear in keychain. In short:



will activate all 20 slots as purpose for X509 certificate + key. With that said, ykcs11 is no longer needed.