Yubico / yubikit-android

Yubico Mobile Android SDK - YubiKit
Apache License 2.0

Generate CSR #1

Closed karannj closed 4 years ago

karannj commented 4 years ago

Currently the PIV module can generate key pairs but is lacking the option to generate a certificate signing request. Are there any plans to include this functionality in the SDK? (Similar to what the yubikey-piv-manager tool offers)

imakhalova commented 4 years ago

Hello @karannj, thank you for your feature request. The SDK currently exposes the methods that require communication with the YubiKey in order to create a CSR: generate key pair and sign data. One approach that I can suggest for creating a CSR within an Android app is to use the Bouncy Castle API/libraries. Just to give you an idea where to start, look at this class: https://www.bouncycastle.org/docs/pkixdocs1.3/org/bouncycastle/pkcs/PKCS10CertificationRequestBuilder.html Use PivApplication.generateKey() to get the public key for this CSR builder. For signing, provide an implementation of this interface https://www.bouncycastle.org/docs/pkixdocs1.3/org/bouncycastle/operator/ContentSigner.html and the getSignature() method of that class should invoke the PivApplication.sign() method from this yubikit library. There are plenty of samples of how to do the rest. Pseudo code is:

PublicKey publicKey = pivApplication.generateKey(...);   // key pair stays on the YubiKey; only the public half is returned
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
    new X500Principal("CN=Requested Test Certificate"), publicKey);
ContentSigner signer = new YubiKeySigner(pivApplication); // getSignature() delegates to pivApplication.sign()
PKCS10CertificationRequest csr = p10Builder.build(signer);

Let me know if this helps.
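A worked version of the ContentSigner approach sketched above, added here as an example and not code from yubikit-android or from the commenter. It assumes a `PivSignFunction` adapter (hypothetical) that the app wires to whatever yubikit sign call its SDK version offers, and it verifies the finished CSR against the public key so that a mismatch between the declared signature algorithm and what the key actually computed is caught before the CSR is sent to a CA.

```java
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.PublicKey;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public final class CsrFromYubiKey {

    /** Hypothetical adapter: the app implements this by calling the yubikit PIV sign operation
     *  for the chosen slot. It must hash and pad consistently with the algorithm name passed to
     *  YubiKeySigner (e.g. "SHA256withRSA"), whether the SDK call does that internally or expects
     *  a pre-hashed input. */
    @FunctionalInterface
    public interface PivSignFunction {
        byte[] sign(byte[] toBeSigned) throws Exception;
    }

    /** ContentSigner that buffers the CertificationRequestInfo bytes Bouncy Castle writes,
     *  then hands the whole buffer to the YubiKey; the private key never leaves the token. */
    static final class YubiKeySigner implements ContentSigner {
        private final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        private final AlgorithmIdentifier sigAlg;
        private final PivSignFunction pivSign;

        YubiKeySigner(String jcaAlgorithmName, PivSignFunction pivSign) {
            this.sigAlg = new DefaultSignatureAlgorithmIdentifierFinder().find(jcaAlgorithmName);
            this.pivSign = pivSign;
        }
        @Override public AlgorithmIdentifier getAlgorithmIdentifier() { return sigAlg; }
        @Override public OutputStream getOutputStream() { return buffer; }
        @Override public byte[] getSignature() {
            try { return pivSign.sign(buffer.toByteArray()); }
            catch (Exception e) { throw new IllegalStateException("YubiKey signing failed", e); }
        }
    }

    public static PKCS10CertificationRequest buildCsr(String subjectDn, PublicKey publicKey,
                                                      String jcaAlgorithmName, PivSignFunction pivSign)
            throws Exception {
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Principal(subjectDn), publicKey).build(new YubiKeySigner(jcaAlgorithmName, pivSign));
        // Check: the CSR must verify under the public key it carries. A failure here means the declared
        // algorithm does not match what the token computed (wrong hash, wrong padding, or wrong slot).
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(publicKey))) {
            throw new IllegalStateException("CSR signature does not verify against the generated public key");
        }
        return csr; // csr.getEncoded() gives the DER bytes to submit to the CA
    }
}
```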