You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to import an ECCP256 key to a J3H145 card running the latest PivApplet release (PivApplet-0.8.1-jc304-REePSAx.cap). Importing RSA keys works fine, but importing EC keys fails with yubico-piv-tool:
$ pivy-tool -a eccp256 import 82 < ec.key
pivy-tool: error occurred while executing 'import'
Caused by cmd_import: failed to import key
in cmd_import() at pivy-tool.c:1354
Caused by APDUError: Card replied with SW=6a80 (WRONG_DATA) to INS_IMPORT_ASYM(82)
in ykpiv_import() at piv.c:2532
Meanwhile pivy-tool -a eccp256 generate 82 works. However, the import attempt leaves the slot in a wonky state: if an RSA key is not generated first in the same slot, the ECC generate fails with APDUError: Card replied with SW=6a81 (FUNC_NOT_SUPPORTED) to INS_GEN_ASYM. After generating an RSA key in the slot first an eccp256 key can be generated on the card.
ssh-keygen -f ec.key -y on the private key I'm attempting to import produces the expected public key. openssl ec output:
ASN1 OID: prime256v1
NIST CURVE: P-256
Is there something wrong with my key or PivApplet? (This key has been successfully imported to a Yubikey 5 with ykman.)
The text was updated successfully, but these errors were encountered:
It looks like during the work to add support for P-384 the setCurveParameters() calls got moved around and now EC import doesn't work. Should be an easy fix, and I'll add an auto-test to avoid regressions with it in future (there's an auto-test for RSA import but not EC import currently).
Re: the import attempt leaving the slot in a wonky state, that looks like a closely related bug -- the same swapping around of the order of those calls vs. clearKey() / key slot setup should fix that too.
I'm trying to import an ECCP256 key to a J3H145 card running the latest PivApplet release (
PivApplet-0.8.1-jc304-REePSAx.cap
). Importing RSA keys works fine, but importing EC keys fails with yubico-piv-tool:pivy-tool fails in a similar manner:
Meanwhile
pivy-tool -a eccp256 generate 82
works. However, the import attempt leaves the slot in a wonky state: if an RSA key is not generated first in the same slot, the ECC generate fails withAPDUError: Card replied with SW=6a81 (FUNC_NOT_SUPPORTED) to INS_GEN_ASYM
. After generating an RSA key in the slot first an eccp256 key can be generated on the card.ssh-keygen -f ec.key -y
on the private key I'm attempting to import produces the expected public key.openssl ec
output:Is there something wrong with my key or PivApplet? (This key has been successfully imported to a Yubikey 5 with
ykman
.)The text was updated successfully, but these errors were encountered: