| Yubico Forum https://forum.yubico.com/ |
|
| [QUESTION] - using yubikey in Java to encrypt/decrypt files https://forum.yubico.com/viewtopic.php?f=35&t=2447 |
Page 1 of 1 |
| Author: | Aurimas [ Wed Oct 05, 2016 12:52 pm ] |
| Post subject: | [QUESTION] - using yubikey in Java to encrypt/decrypt files |
I'm very new to this so most of my questions may seem trivial. I'm trying to research whether I could use yubikeys for file encryption/decryption. Basically my goal is to create a small java application that takes a file that is encrypted with the public from the yubikey and then de-crypt it using the matching private key that is on the secure element of the yubikey. 1. First question is, whether this is feasible. If yes - what would be the steps to achieve that (I assume I should utilize PIV applet somehow) So far I have managed to connect to yubikey and send various commands. However I'm facing certain issues: 2. when sending the authenticate command (INS 0x20, P2 0x82), only few times I have managed to receive a 9000 response. Other times it's either 6A80 or 6D00. Whenever I try to verify pin via yubico-piv-tool command line, it is always successful. I cannot pinpoint the reason why I am receiving different responses (they seem quite random). It looks like it is somehow related to connection modes that I can change using NEO manager tool. When I set it to OTP+CCID, it mostly return 6A80, but then after some time answers to most commands become 6D00 until I reconfigure connection mode to OTP+U2F+CCID and then back to OTP+CCID 3. even with the basic command to get the version (INS 0xFD) I start getting 6D00 response at some point. Until I get the verification command to work consistently I guess there is no point trying to generate public keys, as authentication is required to be able to do that. Thanks, Aurimas |
|
| Author: | mcdown75 [ Tue Feb 21, 2017 2:58 pm ] |
| Post subject: | Re: [QUESTION] - using yubikey in Java to encrypt/decrypt fi |
You know that there are two different sides to the key. The PIV and the OTP, right? Check this post out. viewtopic.php?f=35&t=2477&p=9146&hilit=change+pin#p9146 |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|