
Cannot use "Retired Cert Key Mgm [1-20]" Slots on YubiKey
Open, Normal, Public

Description

Desired behavior: Keys in the slots 0x9d and 0x82 – 0x95 can be used as encryption keys

Reason: I would like to use the retired key slots to store old keys

Observed behaviour: only keys in the slot 0x9d can be used as encryption keys; keys in slots 0x82 – 0x95 cannot be used

The YubiKey-provided utilities show that the key exists:

$  yubico-piv-tool -a status
Version:      5.1.2
Serial Number: 10114510
CHUID:       3019d4e739da739ced39ce739d836858210842108421c84210c3eb34102dbe5858f8fc511b186e42b664f8ba01350832303330303130313e00fe00
CCC:       f015a000000116ff02e7b9ec5dc46e7e5e3761b1c20f62f10121f20121f300f40100f50110f600f700fa00fb00fc00fd00fe00
Slot 9a:     
       Algorithm:    RSA2048
       Subject DN:   CN=CAcert WoT User/emailAddress=manon@manon.de
       Issuer DN:    O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
       Fingerprint:  826[...]
       Not Before:   Dec 28 00:08:36 2019 GMT
       Not After:    Dec 27 00:08:36 2021 GMT
Slot 9c:     
       Algorithm:    RSA2048
       Subject DN:   C=DE, CN=Manon Goo/emailAddress=manon.goo@dg-i.net
       Issuer DN:    C=BE, O=GlobalSign nv-sa, CN=GlobalSign PersonalSign 2 CA - SHA256 - G3
       Fingerprint:  69ed[...]
       Not Before:   Jan 15 14:24:57 2020 GMT
       Not After:    Jan 15 14:24:57 2023 GMT
Slot 9d:     
       Algorithm:    RSA2048
       Subject DN:   emailAddress=manon.goo@dg-i.net
       Issuer DN:    C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Client Authentication and Secure Email CA
       Fingerprint:  4203[...]
       Not Before:   Nov  8 00:00:00 2019 GMT
       Not After:    Nov  7 23:59:59 2022 GMT
Slot 9e:     
       Algorithm:    RSA2048
       Subject DN:   C=DE, ST=North Rhine-Westphalia, [...]
       Issuer DN:    C=DE, ST=North Rhine-Westphalia, [...]
       Fingerprint:  0905[...]
       Not Before:   Jan 14 21:15:28 2020 GMT
       Not After:    Jan 13 21:15:28 2022 GMT
Slot 82:     
       Algorithm:    RSA2048
       Subject DN:   CN=manon.goo@dg-i.net, OU=82, O=Selfsigned
       Issuer DN:    CN=manon.goo@dg-i.net, OU=82, O=Selfsigned
       Fingerprint:  f50c[...]
       Not Before:   Dec 17 19:04:46 2019 GMT
       Not After:    Dec 14 19:04:46 2029 GMT
PIN tries left:      10

The keys seem to get listed, but cannot be selected:

2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...]

$  grep "DO " ~/Library/Logs/scdaemon-dev.log
2022-01-12 21:31:23 scdaemon[12833] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Fingerprints' not available: Bad PIN
2022-01-12 21:31:23 scdaemon[12833] DO 'Security Object' not available: No such file or directory
2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Facial Image' not available: Bad PIN
2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Printed Information' not available: Bad PIN
2022-01-12 21:31:23 scdaemon[12833] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Key History Object': 5308c10114c20100fe00
2022-01-12 21:31:23 scdaemon[12833] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...]
2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Iris Images' not available: Bad PIN
2022-01-12 22:00:01 scdaemon[15338] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Fingerprints' not available: Bad PIN
2022-01-12 22:00:01 scdaemon[15338] DO 'Security Object' not available: No such file or directory
2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Facial Image' not available: Bad PIN
2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Printed Information' not available: Bad PIN
2022-01-12 22:00:01 scdaemon[15338] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Key History Object': 5308c10114c20100fe00
2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Iris Images' not available: Bad PIN
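To check what the card itself advertises about the retired slots, the scdaemon log lines above can be decoded offline. The following is an added example, not code from the reporter or from GnuPG: it parses "DO '...'" lines of the shape shown in the log, decodes the PIV Key History Object (tag 0x53 wrapper containing 0xC1 = number of keys with on-card certificates, 0xC2 = number with off-card certificates, optional 0xF3 URL, 0xFE error detection code, per NIST SP 800-73-4 Part 1), reads the declared length of the truncated certificate objects, and maps "Retired Cert Key Mgm N" to key reference 0x82 + N - 1, the same 0x82 – 0x95 range named in the report. The sample log is constructed from the lines on this page; the hex values are the ones logged there. The Key History Object logged here (5308c10114c20100fe00) decodes to 20 keys with on-card certificates, which the reader can set against the status listing, where only slot 82 shows a certificate, and the log, where only retired object 1 is read.

```python
"""Decode the PIV data objects (DOs) that scdaemon logs while probing a card."""
import re
from typing import Iterator

# Constructed sample in the shape of the scdaemon log on this page; the hex values
# are those logged there (the long ones are truncated with "[...]" in the log).
SAMPLE_LOG = """\
2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...]
2022-01-12 22:00:01 scdaemon[15338] DO 'Security Object' not available: No such file or directory
2022-01-12 22:00:01 scdaemon[15338] DO 'Key History Object': 5308c10114c20100fe00
2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...]
"""

# Assumed line shape: "... scdaemon[PID] DO 'Name': HEX[...]" or "... DO 'Name' not available: ERR"
DO_LINE = re.compile(
    r"scdaemon\[\d+\] DO '(?P<name>[^']+)'"
    r"(?: not available: (?P<err>.+?)|: (?P<hex>[0-9a-fA-F]+)(?P<trunc>\[\.\.\.\])?)\s*$"
)


def parse_do_lines(log_text: str) -> list:
    """One record per DO line: name, raw bytes (possibly truncated) or the error text."""
    records = []
    for line in log_text.splitlines():
        m = DO_LINE.search(line)
        if not m:
            continue
        records.append({
            "name": m.group("name"),
            "error": m.group("err"),
            "data": bytes.fromhex(m.group("hex")) if m.group("hex") else None,
            "truncated": m.group("trunc") is not None,
        })
    return records


def tlv_header(buf: bytes, off: int = 0) -> tuple:
    """Parse a BER-TLV tag and length at buf[off:]; return (tag, length, offset of value)."""
    tag = buf[off]
    off += 1
    if tag & 0x1F == 0x1F:  # multi-byte tag (e.g. 5F C1 05); bit 8 of each extra byte means "more"
        while True:
            tag = (tag << 8) | buf[off]
            off += 1
            if not buf[off - 1] & 0x80:
                break
    length = buf[off]
    off += 1
    if length & 0x80:  # long form: low 7 bits give the number of following length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, length, off


def iter_tlv(buf: bytes) -> Iterator:
    """Yield (tag, value) for each TLV in a complete buffer."""
    off = 0
    while off < len(buf):
        tag, length, start = tlv_header(buf, off)
        yield tag, buf[start:start + length]
        off = start + length


def declared_length(data: bytes) -> int:
    """Length the outer 0x53 wrapper claims; works on a truncated log line since only the header is read."""
    tag, length, _ = tlv_header(data)
    if tag != 0x53:
        raise ValueError(f"expected 0x53 wrapper, got {tag:#x}")
    return length


def decode_key_history(data: bytes) -> dict:
    """Decode the PIV Key History Object (SP 800-73-4 Part 1): C1/C2 counters, optional F3 URL."""
    body = data[tlv_header(data)[2]:tlv_header(data)[2] + declared_length(data)]
    out = {"on_card_certs": 0, "off_card_certs": 0, "off_card_url": None}
    for tag, value in iter_tlv(body):
        if tag == 0xC1:
            out["on_card_certs"] = value[0]
        elif tag == 0xC2:
            out["off_card_certs"] = value[0]
        elif tag == 0xF3:
            out["off_card_url"] = value.decode("ascii", "replace")
        # 0xFE is the (empty) error detection code and carries no information here
    return out


def retired_slot(n: int) -> int:
    """Retired key management slot n (1..20) is key reference 0x82 + n - 1, i.e. 0x82 .. 0x95."""
    if not 1 <= n <= 20:
        raise ValueError("retired slot index must be 1..20")
    return 0x82 + n - 1


def summarize(log_text: str) -> dict:
    """Which DOs the card returned, which it refused, declared sizes, and the retired slots seen."""
    out = {"missing": {}, "declared_lengths": {}, "key_history": None, "retired_slots_present": []}
    for rec in parse_do_lines(log_text):
        if rec["error"]:
            out["missing"][rec["name"]] = rec["error"]
            continue
        out["declared_lengths"][rec["name"]] = declared_length(rec["data"])
        if rec["name"] == "Key History Object":
            out["key_history"] = decode_key_history(rec["data"])
        m = re.fullmatch(r"Retired Cert Key Mgm (\d+)", rec["name"])
        if m:
            out["retired_slots_present"].append(retired_slot(int(m.group(1))))
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real log with `summarize(open(path).read())`; a slot reference in `retired_slots_present` means scdaemon did read that retired certificate object, which is the precondition for the slot being offered as a key at all.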

Details

Version
2.3.4