Yubico Forum

Hi,

are there any docs describing how to use the "retired" key slots of a yubikey 4 under Linux?

yubico-piv-tool allows to load keys and certificates into these slots, but I did not see any hint about how to use them once they are loaded into the key.

It seems as if opensc does not yet (and maybe will not) support these slots, see

https://github.com/OpenSC/OpenSC/issues/847

They say that opensc was made to comply with NIST 800-73-3 , while the yubikey does not really conform to this standard. Allegedly a central cause is the missing Key History Object.

So how would one use these keys with e.g. openssl oder with a Web-Browser/pkcs11-app?

regards

A related question: how can I move a key from slot 9c to one of the Retired Key Management slots? This is of course not a problem (or at least won't be one once OpenSC has learned how to support the extra slots) for a key generated in software, in my case however all keys have been generated on the YubiKey and even assuming it is possible to export the private part (I've never tried it), for security reasons I would very much prefer the private key to never leave the stick.

Is there, btw., a command to list which slots are occupied? (Didn't find that in the docs...)