Yubico Forum
https://forum.yubico.com/

[QUESTION] using Yubikey as eID replacement - possible?
https://forum.yubico.com/viewtopic.php?f=30&t=2274
Page 1 of 1

Author:  shpokas [ Sat Apr 02, 2016 8:37 pm ]
Post subject:  [QUESTION] using Yubikey as eID replacement - possible?

Hi,
due to an [eventual] bug in Latvian eID software, it is not possible to use eID card together with Yubikey.
OK, I thought, because Yubikey supports PIV, I could "clone" my eID to Yubikey and use it for all my needs.
I successfully copied certificates from eID to Yubikey with PIV tool.

Now I do not understand how an application could possibly use Yubikey as eID.
What needs to be done for a browser to "know" that Yubikey must be queried? I use Mac OS X 10.11 and Safari and Firefox.
eID card has a browser plugin. Does such thing exists for Yubikey? Or is there a generic plugin?

Sorry for my lameness and thanks for your time.
shpokas

Author:  Tom2 [ Tue Apr 05, 2016 8:52 am ]
Post subject:  Re: [QUESTION] using Yubikey as eID replacement - possible?

I think you should ask this question at Latvian eID Forum.

Yes, they could store your cert on the YubiKey but they need to build support for it in their PKCS11 module (plugin ...etc)

Normally you cannot extract the private key from your smartcard, if that is possible with your Latvian eID there is something very wrong there, unless it is by design for some unique reasons.

Note that i do not know how Latvian eID works, so I might be wrong.

Author:  shpokas [ Tue Apr 05, 2016 1:13 pm ]
Post subject:  Re: [QUESTION] using Yubikey as eID replacement - possible?

Thanks for reply!
Tom2 wrote:
Normally you cannot extract the private key from your smartcard, if that is possible with your Latvian eID there is something very wrong there, unless it is by design for some unique reasons.

Indeed, somehow I misssed this part :D
Naturally, I need private key to authenticate and sign anything.
Anyway, learned a bit anyway and I hope eID developers will fix their software so that Yubikey can be used together with eID.
Br,
shpokas

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/