[Pkg-auth-maintainers] Bug#1023561: yubico-piv-tool: selfsign-certificate fails nondescriptively, update needed?
Jamie Lentin
jm at lentin.co.uk
Tue Dec 27 11:24:59 GMT 2022
On 2022-12-24 23:22, Richard Hansen wrote:
> Control: tags -1 patch
>
> On Sun, 06 Nov 2022 17:58:06 +0000 Jamie Lentin <jm at lentin.co.uk>
> wrote:
>> Does the package need updating?
>
> Can you try merge request #7 [1] to see if it works for you? You can
> find pre-built .deb files in the CI artifacts [2] for that merge
> request.
Looks like it will do, after installing the CI artifacts:
* libykpiv2_2.3.0-1+salsaci+20221224+4_amd64.deb
* ykcs11_2.3.0-1+salsaci+20221224+4_amd64.deb
* yubico-piv-tool_2.3.0-1+salsaci+20221224+4_amd64.deb
I can happily generate / sign:
$ ykman piv reset
WARNING! This will delete all stored PIV data and restore factory
settings. Proceed? [y/N]: y
Resetting PIV data...
Success! All PIV data have been cleared from the YubiKey.
Your YubiKey now has the default PIN, PUK and Management Key:
PIN: 123456
PUK: 12345678
Management Key: 010203040506070801020304050607080102030405060708
$ which yubico-piv-tool
/usr/bin/yubico-piv-tool
$ yubico-piv-tool --version
yubico-piv-tool 2.3.0
$ yubico-piv-tool -s 9a -a generate -o public.pem
Successfully generated a new private key.
$ yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S
"/CN=SSH key/" -i public.pem -o cert.pem
Enter PIN:
Successfully verified PIN.
Successfully generated a new self signed certificate.
Thanks!
>
> (Disclaimer: I'm not a maintainer for yubico-piv-tool, just someone
> who wants to update it.)
>
> [1]
> https://salsa.debian.org/auth-team/yubico-piv-tool/-/merge_requests/7
> [2]
> https://salsa.debian.org/rhansen/yubico-piv-tool/-/jobs/3701682/artifacts/browse/debian/output/
More information about the Pkg-auth-maintainers
mailing list