yubico-piv-tool Provide way to export public key for a given slot akin to `ykman piv keys export`

Provide way to export public key for a given slot akin to `ykman piv keys export`

Open ecerulm opened this issue 6 months ago • 0 comments

The YubiKey Manager provides

ykman piv keys export 9a public.pem

to obtain the public key corresponding to the certificate/private key in slot 9a.

It would be great to have a corresponding action in yubico-piv-tool to do the same.

Right now, AFAIK, the only way to get the public key using yubico-piv-tool is during the generation with

yubico-piv-tool -a generate -s 9a --touch-policy=never --pin-policy=once -A RSA2048 -o public.pem

or to use read-certicate action together with openssl to extract the public key from the certificate like this

yubico-piv-tool -a read-certificate -s 9a | openssl x509 -noout -pubkey
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXiyBsdCdho3e0eAWNYo
....
....
....
0wIDAQAB
-----END PUBLIC KEY-----

But it would be helpful / convenient to have an equivalent to ykman piv keys export in yubico-piv-tool.

Aug 07 '24 07:08 ecerulm

yubico-piv-tool yubico-piv-tool copied to clipboard

Provide way to export public key for a given slot akin to `ykman piv keys export`

yubico-piv-tool
yubico-piv-tool copied to clipboard