Yubico Forum https://forum.yubico.com/ |
|
YubiKey 4 teething problems - weird issues + PIV problems https://forum.yubico.com/viewtopic.php?f=16&t=2156 |
Page 1 of 1 |
Author: | Aditza [ Sat Jan 09, 2016 3:23 pm ] |
Post subject: | YubiKey 4 teething problems - weird issues + PIV problems |
Hello, I'm just starting to use yubikeys and i bought a few keys YubiKey 4 for testing.... i have hit a couple of problems with them...they both seem easy to fix (Yubico can easily publish updated versions of the management tools for this) but the second one is a bit of a head-scratcher... 1) the Yubikey personalization tools and the PIV Manager (both GUI + CLI) won't recognize an inserted YubiKey if i disable the OTP or PIV function with Neo Manager - shouldn't they at least recognize the inserted key and tell me that OTP/PIV is disabled for that particular key? 2) when i configure the digital certificate slots with PIV Manager in ECC mode (P-256 or P-384), the digital certificates are not recognized by the Windows trust store - they do not appear under Internet Options - Content - certificates - Personal Certificates. Only RSA1024 and 2048 certificates are recognized by windows... ECC certificates are not recognized as Personal Certificates at all. tested self-signed certificates: sha256RSA - 1024 bits - is recognized as a personal certificate sha256RSA - 2048 bits - is recognized as a personal certificate sha256ECDSA - ECDSA_P256 - is NOT recognized by Windows 10 as an usable personal certificate for signing sha256ECDSA - ECDSA_P384 - is NOT recognized by Windows 10 as an usable personal certificate for signing RSA 4096 bits - is not even offered as an option by PIV Manager v1.2.1 when generating certificate requests or self-signed certificates, even though RSA 4096 is supposedly supported by Yubikey 4.... Since Yubikey 4 supports RSA 4096 bits, can you please add it as an option for generating certificates into PIV Manager or is RSA 4096 supported only with externally-generated and imported certificates? Also, for the operating system part...does anyone know why sha256ECDSA ECDSA_P256/ECDSA_P384 is not recognized in windows for PIV Certificates for signing? Windows recognizes them properly when i export the certificates as .CRT files but won't show them when configured for PIV/SmartCard signing. Is there a KB fix or a TechNet article available from Microsoft for enabling this? setup info: -firmware version on my Yubikeys 4 is v4.2.7, ordered on january 1st 2016 and delivered this week. -PIV manager version used is https://developers.yubico.com/yubikey-piv-manager/Releases/yubikey-piv-manager-1.2.1-win.exe which has a digital signature timestamp of January 4th, 2016. SHA-1 checksum of that file: 21976d4fda92209729a1409e35d0b665b3a10e4d SHA-256: 490f749497bd424cb40fbe8ad8b14d7a2f44dcd89a793767f457bd51e32784e0 -OS version of my testing system: Windows 10 professional x64 1511 with all updates applied |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |