Yubico Forum https://forum.yubico.com/ |
[QUESTION] How to use retired key slots under Linux? https://forum.yubico.com/viewtopic.php?f=35&t=2535 |
Author: | Hadmut [ Mon Jan 23, 2017 12:25 pm ] |
Post subject: | [QUESTION] How to use retired key slots under Linux? |
Hi, are there any docs describing how to use the "retired" key slots of a YubiKey 4 under Linux? yubico-piv-tool allows loading keys and certificates into these slots, but I did not see any hint about how to use them once they are loaded into the key. It seems as if OpenSC does not yet (and maybe will not) support these slots, see https://github.com/OpenSC/OpenSC/issues/847 . They say that OpenSC was made to comply with NIST 800-73-3, while the YubiKey does not really conform to this standard. Allegedly a central cause is the missing Key History Object. So how would one use these keys with e.g. openssl or with a web browser/pkcs11 app? Regards |
Author: | Marecki [ Mon Jan 23, 2017 4:08 pm ] |
Post subject: | Re: [QUESTION] How to use retired key slots under Linux? |
A related question: how can I move a key from slot 9c to one of the Retired Key Management slots? This is of course not a problem (or at least won't be one once OpenSC has learned how to support the extra slots) for a key generated in software. In my case, however, all keys have been generated on the YubiKey, and even assuming it is possible to export the private part (I've never tried it), for security reasons I would very much prefer the private key to never leave the stick. |
Author: | Hadmut [ Tue Jan 24, 2017 2:45 pm ] |
Post subject: | Re: [QUESTION] How to use retired key slots under Linux? |
Is there, btw., a command to list which slots are occupied? (Didn't find that in the docs...) |
All times are UTC + 1 hour |