Created
December 4, 2019 00:07
-
-
Save shanewholloway/15a0f5dda96b5d328d121f255f012ebf to your computer and use it in GitHub Desktop.
Export a Yubikey certificate to an ssh-keygen compatible key.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# Seems to only support RSA keys... | |
ykman piv export-certificate 9a public-cert.pem | |
openssl x509 -in public-cert.pem -noout -pubkey > public-key.pem | |
ssh-keygen -i -m pkcs8 -f ./public-key.pem > id_yubi_9a.pub | |
## then `ssh -I $PATH_TO_PKCS11_LIB $destination` | |
## Also see https://somm15.github.io/yubikey/macos/ssh/2018/11/20/welcome-to-jekyll.html | |
## Or just use `ssh-keygen -D /usr/local/lib/libykcs11.dylib` - assuming you have RSA keys and not EC keys... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@xhalo32
In a rush I have not found a clear statement that PIV is using PCSK8, but I've found several pointers that keys in the PIV module of a YubiKey are stored in PCSK8-format.