[Pkg-auth-maintainers] Bug#1023561: yubico-piv-tool: selfsign-certificate fails nondescriptively, update needed?

Jamie Lentin jm at lentin.co.uk
Tue Dec 27 11:24:59 GMT 2022

On 2022-12-24 23:22, Richard Hansen wrote:
> Control: tags -1 patch
> On Sun, 06 Nov 2022 17:58:06 +0000 Jamie Lentin <jm at lentin.co.uk> 
> wrote:
>> Does the package need updating?
> Can you try merge request #7 [1] to see if it works for you?  You can
> find pre-built .deb files in the CI artifacts [2] for that merge
> request.

Looks like it will do, after installing the CI artifacts:

* libykpiv2_2.3.0-1+salsaci+20221224+4_amd64.deb
* ykcs11_2.3.0-1+salsaci+20221224+4_amd64.deb
* yubico-piv-tool_2.3.0-1+salsaci+20221224+4_amd64.deb

I can happily generate / sign:

$ ykman piv reset
WARNING! This will delete all stored PIV data and restore factory 
settings. Proceed? [y/N]: y
Resetting PIV data...
Success! All PIV data have been cleared from the YubiKey.
Your YubiKey now has the default PIN, PUK and Management Key:
         PIN:    123456
         PUK:    12345678
         Management Key: 010203040506070801020304050607080102030405060708
$ which yubico-piv-tool
$ yubico-piv-tool --version
yubico-piv-tool 2.3.0
$ yubico-piv-tool -s 9a -a generate -o public.pem
Successfully generated a new private key.
$ yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S 
"/CN=SSH key/" -i public.pem -o cert.pem
Enter PIN:
Successfully verified PIN.
Successfully generated a new self signed certificate.


> (Disclaimer: I'm not a maintainer for yubico-piv-tool, just someone
> who wants to update it.)
> [1] 
> https://salsa.debian.org/auth-team/yubico-piv-tool/-/merge_requests/7
> [2] 
> https://salsa.debian.org/rhansen/yubico-piv-tool/-/jobs/3701682/artifacts/browse/debian/output/

More information about the Pkg-auth-maintainers mailing list