Yubico / yubikit-android

Yubico Mobile Android SDK - YubiKit
Apache License 2.0

PivSession::generateKey do not store private key in Yubikey #81

Closed Chralu closed 1 year ago

Chralu commented 1 year ago

Hello,

PIV key generation behavior seems odd to me.

When generating a PIV key in a given slot, I would expect the private key to be securely stored in the YubiKey. But if I try to retrieve the generated key's certificate (through PivSession::getCertificate or using YubiKitManager), the PIV key slot is empty.

Is this the intended behavior? If so, what is the purpose of the PivSession::generateKey method?

Thanks for your help 🙏

Key generation code example:

```kotlin
yubikitManager.startNfcDiscovery(NfcConfiguration(), activity) { device ->
    device.requestConnection(SmartCardConnection::class.java) { connectionResult ->
        val connection = connectionResult.getValue()
        val piv = PivSession(connection)
        // Management key authentication is required to generate a key in a slot
        piv.authenticate(
            managementKeyType,
            managementKey,
        )
        piv.verifyPin(pin.toCharArray())
        // Generates an ECC P-256 key pair in the SIGNATURE slot (9c); only the public key is returned
        val publicKey = piv.generateKey(
            Slot.SIGNATURE,
            KeyType.ECCP256,
            PinPolicy.DEFAULT,
            TouchPolicy.DEFAULT,
        )
    }
}
```

Certificate retrieval code example:

```kotlin
yubikitManager.startNfcDiscovery(NfcConfiguration(), activity) { device ->
    device.requestConnection(SmartCardConnection::class.java) { connectionResult ->
        val connection = connectionResult.getValue()
        val piv = PivSession(connection)
        piv.verifyPin(pin.toCharArray())
        // Reads the certificate object stored in the SIGNATURE slot
        val certificate = piv.getCertificate(Slot.SIGNATURE)
    }
}
```

dainnilsson commented 1 year ago

Keys and certificates are separate objects, independent of each other. If you want to be able to get a certificate, you will first need to store a certificate.
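
The following is an added example, not code from the issue or from the yubikit-android project, showing the key/certificate separation end to end: it generates a key, proves the private key is on the YubiKey by signing on-card, shows that the slot's certificate object is still empty, then stores a certificate and reads it back. The helper name `provisionSignatureSlot` and the `certificateFromCa` callback (anything that turns the returned public key into an X.509 certificate, e.g. a CA issuing against a CSR) are assumptions; the SDK calls used (`authenticate`, `verifyPin`, `generateKey`, `sign`, `getCertificate`, `putCertificate`) are the PivSession API.

```kotlin
import com.yubico.yubikit.core.smartcard.ApduException
import com.yubico.yubikit.core.smartcard.SW
import com.yubico.yubikit.core.smartcard.SmartCardConnection
import com.yubico.yubikit.piv.*
import java.security.PublicKey
import java.security.Signature
import java.security.cert.X509Certificate

// Hypothetical helper (not part of the SDK): provision the SIGNATURE slot (9c) with a key and a certificate.
fun provisionSignatureSlot(
    connection: SmartCardConnection,
    managementKeyType: ManagementKeyType,
    managementKey: ByteArray,
    pin: CharArray,
    certificateFromCa: (PublicKey) -> X509Certificate, // assumed: obtains a cert for the on-card key
): X509Certificate {
    val piv = PivSession(connection)
    // generateKey and putCertificate both require management key authentication
    piv.authenticate(managementKeyType, managementKey)
    val publicKey = piv.generateKey(Slot.SIGNATURE, KeyType.ECCP256, PinPolicy.DEFAULT, TouchPolicy.DEFAULT)

    // 1. The private key lives in the slot: sign on-card, verify with the returned public key.
    //    The default PIN policy for 9c is "always", so verify the PIN right before signing.
    val message = "constructed test message".toByteArray()
    piv.verifyPin(pin)
    val sig = piv.sign(Slot.SIGNATURE, KeyType.ECCP256, message, Signature.getInstance("SHA256withECDSA"))
    val verifier = Signature.getInstance("SHA256withECDSA").apply { initVerify(publicKey); update(message) }
    check(verifier.verify(sig)) { "on-card signature did not verify against the generated public key" }

    // 2. The certificate object of the same slot is a separate thing and is still empty:
    //    the PIV applet answers 6A82 (file not found) until a certificate is stored.
    try {
        piv.getCertificate(Slot.SIGNATURE)
        error("unexpected: slot already held a certificate")
    } catch (e: ApduException) {
        check(e.sw == SW.FILE_NOT_FOUND) { "unexpected status word ${e.sw.toString(16)}" }
    }

    // 3. Store a certificate that matches the key in the slot, then getCertificate succeeds.
    val cert = certificateFromCa(publicKey)
    check(cert.publicKey.encoded.contentEquals(publicKey.encoded)) { "certificate does not match the slot key" }
    piv.putCertificate(Slot.SIGNATURE, cert)
    return piv.getCertificate(Slot.SIGNATURE)
}
```

Step 2 is the situation described in the issue: a key was generated but getCertificate still fails, because nothing has been written to the slot's certificate object.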

Chralu commented 1 year ago

Thanks for the explanation.