Import RSA public key #521

Open
yota9 opened this issue Dec 16, 2024 · 1 comment

yota9 commented Dec 16, 2024

Hello!
As I understand it, Yubico can only import private keys and certificates. May I ask why public keys are deprived in this case? I'm not even talking about CKO_DATA; it would be cool if these tokens had the ability to store some data securely.
Thank you!

qpernil commented Dec 16, 2024

The PIV standard specifies that data slots shall contain certificates. One way to represent 'just a public key' is to create a self-signed certificate, something that you can do in YubiKey Authenticator or yubico-piv-tool. That said, the YubiKey doesn't care what data you store in data slots, so you could store just a public key if you wanted to, but other PIV applications would expect to find certificates. Regarding secure storage, the YubiKey PIV application is designed to work with clients that follow the PIV specification, which specifies how the data slots are to be accessed.
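
The self-signed-certificate approach from the reply above, sketched off-token with OpenSSL as an added example that is not part of the original thread or of the project's code. It assumes the matching private key is available for signing (here a throwaway software key); the file names, subject and validity period are constructed sample values.

```shell
#!/bin/sh
# Added illustration: wrap a public key in a self-signed X.509 certificate and
# confirm that a certificate-aware client gets the same key back out.
set -eu

# Create a throwaway RSA key pair in directory $1 (stand-in for the key whose
# public half should be stored) and wrap the public key in a self-signed
# certificate, the container PIV data slots are expected to hold.
wrap_pubkey_in_cert() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/key.pem" 2>/dev/null
    openssl pkey -in "$1/key.pem" -pubout -out "$1/pub.pem"
    openssl req -new -x509 -key "$1/key.pem" -sha256 -days 365 \
        -subj "/CN=public key container" -out "$1/cert.pem"
}

# The way back: extract the SubjectPublicKeyInfo from the certificate
# in file $1 and write it as a PEM public key to file $2.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey > "$2"
}

# SHA-256 over the DER-encoded SubjectPublicKeyInfo of the PEM public key in $1.
spki_sha256() {
    openssl pkey -pubin -in "$1" -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
wrap_pubkey_in_cert "$work"
pubkey_from_cert "$work/cert.pem" "$work/pub_from_cert.pem"
if [ "$(spki_sha256 "$work/pub.pem")" = "$(spki_sha256 "$work/pub_from_cert.pem")" ]; then
    echo "certificate carries the original public key"
else
    echo "public key mismatch" >&2
    exit 1
fi
# cert.pem is the file that would then be imported into a slot with
# YubiKey Authenticator or yubico-piv-tool (not run here: it needs a token).
```

Comparing the hash of the SubjectPublicKeyInfo, rather than the PEM text, keeps the check independent of line wrapping or header differences between tools.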
