Change Details

Desired behavior: Keys in the Slots 0x9d and 0x82 – 0x95 Can be used as encryption keys Reason: I would like use the retired keys slots to store old keys Observed behavoiour: only Keys in the Slot 0x9d can be used as encryption keys, keys in slot 0x82 – 0x95 canntot be used The Yubikey provided utilities show that the key exists: # yubico-piv-tool -a status Version: 5.1.2 Serial Number: 10114510 CHUID: 3019d4e739da739ced39ce739d836858210842108421c84210c3eb34102dbe5858f8fc511b186e42b664f8ba01350832303330303130313e00fe00 CCC: f015a000000116ff02e7b9ec5dc46e7e5e3761b1c20f62f10121f20121f300f40100f50110f600f700fa00fb00fc00fd00fe00 Slot 9a: Algorithm: RSA2048 Subject DN: CN=CAcert WoT User/emailAddress=manon@manon.de Issuer DN: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root Fingerprint: 826[...] Not Before: Dec 28 00:08:36 2019 GMT Not After: Dec 27 00:08:36 2021 GMT Slot 9c: Algorithm: RSA2048 Subject DN: C=DE, CN=Manon Goo/emailAddress=manon.goo@dg-i.net Issuer DN: C=BE, O=GlobalSign nv-sa, CN=GlobalSign PersonalSign 2 CA - SHA256 - G3 Fingerprint: 69ed[...] Not Before: Jan 15 14:24:57 2020 GMT Not After: Jan 15 14:24:57 2023 GMT Slot 9d: Algorithm: RSA2048 Subject DN: emailAddress=manon.goo@dg-i.net Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Client Authentication and Secure Email CA Fingerprint: 4203[...] Not Before: Nov 8 00:00:00 2019 GMT Not After: Nov 7 23:59:59 2022 GMT Slot 9e: Algorithm: RSA2048 Subject DN: C=DE, ST=North Rhine-Westphalia, [...] Issuer DN: C=DE, ST=North Rhine-Westphalia, [...] Fingerprint: 0905[...] Not Before: Jan 14 21:15:28 2020 GMT Not After: Jan 13 21:15:28 2022 GMT Slot 82: Algorithm: RSA2048 Subject DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Issuer DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Fingerprint: f50c[...] Not Before: Dec 17 19:04:46 2019 GMT Not After: Dec 14 19:04:46 2029 GMT PIN tries left: 10 The keys seams to get listed, but can not be selected: 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] manon@fiona ~ % grep "DO " ~/Library/Logs/scdaemon-dev.log 2022-01-12 21:31:23 scdaemon[12833] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Security Object' not available: No such file or directory 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Printed Information' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 21:31:23 scdaemon[12833] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Iris Images' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Security Object' not available: No such file or directory 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Printed Information' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Iris Images' not available: Bad PIN

Desired behavior: Keys in the Slots 0x9d and 0x82 – 0x95 Can be used as encryption keys Reason: I would like use the retired keys slots to store old keys Observed behavoiour: only Keys in the Slot 0x9d can be used as encryption keys, keys in slot 0x82 – 0x95 canntot be used The Yubikey provided utilities show that the key exists: ``` $ yubico-piv-tool -a status Version: 5.1.2 Serial Number: 10114510 CHUID: 3019d4e739da739ced39ce739d836858210842108421c84210c3eb34102dbe5858f8fc511b186e42b664f8ba01350832303330303130313e00fe00 CCC: f015a000000116ff02e7b9ec5dc46e7e5e3761b1c20f62f10121f20121f300f40100f50110f600f700fa00fb00fc00fd00fe00 Slot 9a: Algorithm: RSA2048 Subject DN: CN=CAcert WoT User/emailAddress=manon@manon.de Issuer DN: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root Fingerprint: 826[...] Not Before: Dec 28 00:08:36 2019 GMT Not After: Dec 27 00:08:36 2021 GMT Slot 9c: Algorithm: RSA2048 Subject DN: C=DE, CN=Manon Goo/emailAddress=manon.goo@dg-i.net Issuer DN: C=BE, O=GlobalSign nv-sa, CN=GlobalSign PersonalSign 2 CA - SHA256 - G3 Fingerprint: 69ed[...] Not Before: Jan 15 14:24:57 2020 GMT Not After: Jan 15 14:24:57 2023 GMT Slot 9d: Algorithm: RSA2048 Subject DN: emailAddress=manon.goo@dg-i.net Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Client Authentication and Secure Email CA Fingerprint: 4203[...] Not Before: Nov 8 00:00:00 2019 GMT Not After: Nov 7 23:59:59 2022 GMT Slot 9e: Algorithm: RSA2048 Subject DN: C=DE, ST=North Rhine-Westphalia, [...] Issuer DN: C=DE, ST=North Rhine-Westphalia, [...] Fingerprint: 0905[...] Not Before: Jan 14 21:15:28 2020 GMT Not After: Jan 13 21:15:28 2022 GMT Slot 82: Algorithm: RSA2048 Subject DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Issuer DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Fingerprint: f50c[...] Not Before: Dec 17 19:04:46 2019 GMT Not After: Dec 14 19:04:46 2029 GMT PIN tries left: 10 ``` The keys seams to get listed, but can not be selected: 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] ``` $ grep "DO " ~/Library/Logs/scdaemon-dev.log 2022-01-12 21:31:23 scdaemon[12833] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Security Object' not available: No such file or directory 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Printed Information' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 21:31:23 scdaemon[12833] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Iris Images' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Security Object' not available: No such file or directory 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Printed Information' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Iris Images' not available: Bad PIN ```

Desired behavior: Keys in the Slots 0x9d and 0x82 – 0x95 Can be used as encryption keys Reason: I would like use the retired keys slots to store old keys Observed behavoiour: only Keys in the Slot 0x9d can be used as encryption keys, keys in slot 0x82 – 0x95 canntot be used The Yubikey provided utilities show that the key exists: ``` #$ yubico-piv-tool -a status Version: 5.1.2 Serial Number: 10114510 CHUID: 3019d4e739da739ced39ce739d836858210842108421c84210c3eb34102dbe5858f8fc511b186e42b664f8ba01350832303330303130313e00fe00 CCC: f015a000000116ff02e7b9ec5dc46e7e5e3761b1c20f62f10121f20121f300f40100f50110f600f700fa00fb00fc00fd00fe00 Slot 9a: Algorithm: RSA2048 Subject DN: CN=CAcert WoT User/emailAddress=manon@manon.de Issuer DN: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root Fingerprint: 826[...] Not Before: Dec 28 00:08:36 2019 GMT Not After: Dec 27 00:08:36 2021 GMT Slot 9c: Algorithm: RSA2048 Subject DN: C=DE, CN=Manon Goo/emailAddress=manon.goo@dg-i.net Issuer DN: C=BE, O=GlobalSign nv-sa, CN=GlobalSign PersonalSign 2 CA - SHA256 - G3 Fingerprint: 69ed[...] Not Before: Jan 15 14:24:57 2020 GMT Not After: Jan 15 14:24:57 2023 GMT Slot 9d: Algorithm: RSA2048 Subject DN: emailAddress=manon.goo@dg-i.net Issuer DN: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Client Authentication and Secure Email CA Fingerprint: 4203[...] Not Before: Nov 8 00:00:00 2019 GMT Not After: Nov 7 23:59:59 2022 GMT Slot 9e: Algorithm: RSA2048 Subject DN: C=DE, ST=North Rhine-Westphalia, [...] Issuer DN: C=DE, ST=North Rhine-Westphalia, [...] Fingerprint: 0905[...] Not Before: Jan 14 21:15:28 2020 GMT Not After: Jan 13 21:15:28 2022 GMT Slot 82: Algorithm: RSA2048 Subject DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Issuer DN: CN=manon.goo@dg-i.net, OU=82, O=Selfsigned Fingerprint: f50c[...] Not Before: Dec 17 19:04:46 2019 GMT Not After: Dec 14 19:04:46 2029 GMT PIN tries left: 10 ``` The keys seams to get listed, but can not be selected: 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] ``` manon@fiona ~ %$ grep "DO " ~/Library/Logs/scdaemon-dev.log 2022-01-12 21:31:23 scdaemon[12833] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Security Object' not available: No such file or directory 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Printed Information' not available: Bad PIN 2022-01-12 21:31:23 scdaemon[12833] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 21:31:23 scdaemon[12833] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 21:31:23 scdaemon[12833] DO 'Cardholder Iris Images' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Card Capability Container': 5333f015a000000116ff02e7b9ec5dc4[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Unique Id': 533b3019d4e739da739ced39ce739d83[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert PIV Authentication': 5382055e708205553082055130820339[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Fingerprints' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Security Object' not available: No such file or directory 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Facial Image' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Card Authentication': 538206d0708206c7308206c3308204ab[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Digital Signature': 53820508708204ff308204fb308203e3[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cert Key Management': 5382051f7082051630820512308203fa[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Printed Information' not available: Bad PIN 2022-01-12 22:00:01 scdaemon[15338] DO 'Discovery Object': 7e124f0ba0000003080000100001005f[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Key History Object': 5308c10114c20100fe00 2022-01-12 22:00:01 scdaemon[15338] DO 'Retired Cert Key Mgm 1': 5382036170820358308203543082023c[...] 2022-01-12 22:00:01 scdaemon[15338] DO 'Cardholder Iris Images' not available: Bad PIN ```