Per Nilsson

In general the format of keys depends on the type of key, for example you should only reverse the first 32 bytes if it is an ed25519 key. And even...

Also, you seem to have some errors in the reversing code (array bounds), see the failed checks below.

I think this is a useful application, but it would perhaps be even more useful if the output was in some standard format other applications can use. yubihsm-wrap is an...

Adresses https://github.com/Yubico/yubihsm-shell/issues/270

Yes this is a known issue, the problem is that the tool performs several operations against the device within a single action, hence pin cannot be verified directly before the...

Yes, that's the one most likely to be merged, or something similar.

I just noticed one thing from the title of this issue - The problem should only manifest if the PIN policy is 'always', i.e. by default only slot 9c.

The spec says that any 'related' objects should use the same id, but in practice it seems most software expects to find just one certificate when searching by id. So...

Attestation certificates are actually not 'real' certificates, they are generated when you open the first session to a slot. This is a feature of the module. They will therefore not...

Maybe request a change in OpenVPN where they only search for CKA_TOKEN=CK_TRUE certificates ?