Skip to content

Instantly share code, notes, and snippets.

@krushik
Created May 10, 2017 22:48
Show Gist options
  • Save krushik/202429bbbdef9e46ef2edd84f8409ba9 to your computer and use it in GitHub Desktop.
Save krushik/202429bbbdef9e46ef2edd84f8409ba9 to your computer and use it in GitHub Desktop.
yubikey piv attestation: verifies that piv key was generated inside yubikey (and therefore not exportable)
# based on https://developers.yubico.com/yubico-piv-tool/Attestation.html
wget -O certs.pem https://developers.yubico.com/PIV/Introduction/piv-attestation-ca.pem
yubico-piv-tool --action=read-certificate --slot=f9 >> certs.pem
yubico-piv-tool --action=attest --slot=9a > attestation.pem
openssl verify -CAfile certs.pem attestation.pem
# attestation.pem: OK
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment