Yubikey Firmware < 5.7 doesn't support RSA4096 for key creation
Oops: reading the Arch Wiki, I needed to install ccid and enable pcscd.service for the Yubikey to be detected and used by sbctl.
*Updated the title to reflect the current issue.
I'm getting the following error when it tries to create the RSA key:

```console
❯ sbctl create-keys --keytype yubikey
Created Owner UUID xxxxxxxxx
Please connect yubikey! Waiting 90 seconds...
Creating RSA4096 key...
Please press Yubikey to confirm presence
✗
couldn't initialize secure boot: command failed: smart card error 6a80: incorrect parameter in command data field
```
My assumption is that this is because RSA4096 isn't supported on firmware 5.2.7? Reviewing the initial Yubikey PR, the algorithm is hard-coded to be RSA4096. Can this be changed, or at least made customisable in sbctl.conf or on the CLI?
In the PR, Foxboron mentions that they're using Yubikeys with firmware 5.1.1, so I'm curious whether they were able to use RSA4096 on firmware 5.1.1.
```console
❯ ykman piv keys generate --algorithm RSA4096 9a pubkey.test
Enter a management key [blank to use default key]:
ERROR: RSA4096 requires YubiKey 5.7 or later
```

Yubikey Device: YubiKey 5C NFC
Firmware: 5.2.7
Enabled USB interface: OTP, FIDO, CCID
PIV: Enabled
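Added example (not sbctl's code nor the issue author's): a preflight check that reads the YubiKey firmware version from `ykman info` style output and picks a PIV RSA key size the firmware supports, falling back to RSA2048 (supported on all YubiKey 5 firmware) when it is below 5.7. It assumes `ykman info` prints a line of the form `Firmware version: X.Y.Z`; the sample output below is constructed so it runs offline.

```sh
#!/bin/sh
# Constructed sample of `ykman info` output (no device needed to run this).
SAMPLE_YKMAN_INFO='Device type: YubiKey 5C NFC
Serial number: 00000000
Firmware version: 5.2.7
Form factor: Keychain (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID
PIV: Enabled'

# Minimum firmware for RSA4096 in the PIV application, per ykman's error text.
RSA4096_MIN_FIRMWARE=5.7.0

# firmware_version: extract "5.2.7" from ykman-style output on stdin.
firmware_version() {
    sed -n 's/^Firmware version: *\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_key "5.2.7" -> 5002007 so dotted versions compare as integers.
version_key() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# piv_rsa_algorithm VERSION: RSA4096 only on firmware >= 5.7, else RSA2048.
piv_rsa_algorithm() {
    if [ "$(version_key "$1")" -ge "$(version_key "$RSA4096_MIN_FIRMWARE")" ]; then
        echo RSA4096
    else
        echo RSA2048
    fi
}

# On a real machine replace the printf with: ykman info | firmware_version
main() {
    fw=$(printf '%s\n' "$SAMPLE_YKMAN_INFO" | firmware_version)
    alg=$(piv_rsa_algorithm "$fw")
    echo "firmware $fw -> ykman piv keys generate --algorithm $alg 9a pubkey.pem"
}
main
```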
@DeNo64 PR #474 to fix this and more.