Generate ECC Key and Selfsigned Cert using yubico-piv-tool #71

ghost · 2023-01-06T02:00:04Z

Is it possible to use yubico-piv-tool to generate an ECC P256/P384 key pair and self signed certificate as demonstrated in this link:

https://developers.yubico.com/yubico-piv-tool/Actions/key_generation.html

The key generation succeeds but generating the self signed certificate fails with this applet.

yubico-piv-tool -r Duali -a generate -a verify-pin -a selfsign -a import-certificate -s 9a -k -A ECCP256 -S "/CN=piv_auth/OU=test/O=example.com/"
Enter management key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcGE6nJnaNpfyfcTKwhxtJa6pAQFi
KG+um9UgQywc8/DaQ4E1BUNfnX5y209ZkB1vcmXAnrI1hy141Yim0ropzg==
-----END PUBLIC KEY-----
Successfully generated a new private key.
Enter PIN:
Successfully verified PIN.
Please paste the public key...
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEcGE6nJnaNpfyfcTKwhxtJa6pAQFi
KG+um9UgQywc8/DaQ4E1BUNfnX5y209ZkB1vcmXAnrI1hy141Yim0ropzg==
-----END PUBLIC KEY-----
Failed signing certificate.
19632:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:crypto\asn1\a_sign.c:224:

ghost · 2023-01-06T02:05:45Z

Resolved - using Duali contactless reader. Policy for that slot must not be allowed. Switched to contact reader and it works.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Generate ECC Key and Selfsigned Cert using yubico-piv-tool #71

Generate ECC Key and Selfsigned Cert using yubico-piv-tool #71

ghost commented Jan 6, 2023

ghost commented Jan 6, 2023

Generate ECC Key and Selfsigned Cert using yubico-piv-tool #71

Generate ECC Key and Selfsigned Cert using yubico-piv-tool #71

Comments

ghost commented Jan 6, 2023

ghost commented Jan 6, 2023