Hello,

PIV key generation behavior seems odd to me.

When generating a PIV key in a given slot, I would expect the private key to be securely stored in the YubiKey.
But if I try to retrieve the generated key certificate (through `PivSession::getCertificate` or using YubikitManager), the PIV key slot is empty.

Is it the intended behavior? In such a case, what is the purpose of the `PivSession::generateKey` method?

Thanks for your help 🙏

Key generation code example:
```kotlin
yubikitManager.startNfcDiscovery(NfcConfiguration(), activity) { device ->
    device.requestConnection(SmartCardConnection::class.java) { connectionResult ->
        val connection = connectionResult.getValue()
        val piv = PivSession(connection)
        // Key generation requires management key authentication.
        piv.authenticate(
            managementKeyType,
            managementKey,
        )
        piv.verifyPin(
            pin.toCharArray()
        )
        // Only the public key is returned; the private key stays on the device.
        val publicKey = piv.generateKey(
            Slot.SIGNATURE,
            KeyType.ECCP256,
            PinPolicy.DEFAULT,
            TouchPolicy.DEFAULT,
        )
    }
}
```
Certificate retrieval code example:
```kotlin
yubikitManager.startNfcDiscovery(NfcConfiguration(), activity) { device ->
    device.requestConnection(SmartCardConnection::class.java) { connectionResult ->
        val connection = connectionResult.getValue()
        val piv = PivSession(connection)
        piv.verifyPin(
            pin.toCharArray()
        )
        // Reads the certificate object stored for the slot, not the key itself.
        val certificate = piv.getCertificate(Slot.SIGNATURE)
    }
}
```
Keys and certificates are separate objects, independent of each other. If you want to be able to get a certificate, you will first need to store a certificate.
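
The sequence the answer describes, as an added example that is not part of the original thread or the SDK's own code: generate the key, issue a certificate over the returned public key, and store it with `putCertificate` so that `getCertificate` has something to return. It assumes BouncyCastle (`bcpkix`) is on the classpath; the helper name, the subject and issuer names, and the in-process issuer key are constructed for illustration and stand in for a real CA.

```kotlin
import com.yubico.yubikit.piv.KeyType
import com.yubico.yubikit.piv.ManagementKeyType
import com.yubico.yubikit.piv.PinPolicy
import com.yubico.yubikit.piv.PivSession
import com.yubico.yubikit.piv.Slot
import com.yubico.yubikit.piv.TouchPolicy
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
import java.math.BigInteger
import java.security.KeyPairGenerator
import java.security.SecureRandom
import java.security.cert.X509Certificate
import java.security.spec.ECGenParameterSpec
import java.util.Date

// Hypothetical helper (not an SDK function): fills both the key and the certificate of a slot.
fun provisionSignatureSlot(
    piv: PivSession, managementKeyType: ManagementKeyType, managementKey: ByteArray,
): X509Certificate {
    // Key generation and certificate import both require the management key.
    piv.authenticate(managementKeyType, managementKey)

    // 1. The private key is created on the device; only the public key comes back.
    val devicePublicKey =
        piv.generateKey(Slot.SIGNATURE, KeyType.ECCP256, PinPolicy.DEFAULT, TouchPolicy.DEFAULT)

    // 2. Constructed stand-in issuer key, held in software for this example only.
    val issuerKeys = KeyPairGenerator.getInstance("EC")
        .apply { initialize(ECGenParameterSpec("secp256r1")) }
        .generateKeyPair()

    // 3. Issue a certificate binding a constructed subject name to the device public key.
    val now = System.currentTimeMillis()
    val holder = JcaX509v3CertificateBuilder(
        X500Name("CN=Example Issuer"), BigInteger(64, SecureRandom()),
        Date(now), Date(now + 365L * 24 * 60 * 60 * 1000),
        X500Name("CN=Example PIV Signature Key"), devicePublicKey,
    ).build(JcaContentSignerBuilder("SHA256withECDSA").build(issuerKeys.private))
    val certificate = JcaX509CertificateConverter().getCertificate(holder)

    // 4. Store the certificate object for the slot, then read it back.
    piv.putCertificate(Slot.SIGNATURE, certificate)
    return piv.getCertificate(Slot.SIGNATURE)
}
```

The certificate here is signed by the software issuer key, so building it needs no PIN verification; the on-device private key is only used later, when the slot signs data.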