Failed to create key - Error generating key

[laamalif]

$ step kms create 'yubikey:slot-id=9a' --kms 'yubikey:?pin-value=987654'

Error: failed to create key: error generating key: authenticating with management key: auth challenge: smart card error 6982: security status not satisfied
exit status 1

Update:

With Non Default Management Key (010203040506070801020304050607080102030405060708)

Error: verify pin: smart card error 63c2: verification failed

With Non Default PIN/PUK

step ca certificate --attestation-uri 'yubikey:slot-id=9a' --kms 'yubikey:?pin-value=987654' --provisioner acme-da 17634747 17634747.crt

Error: verify pin: smart card error 63c2: verification failed (2 retries remaining)

With Default PIN/PUK/Management Key all went well.

[maraino]

Hi @laamalif, have you tried passing the management-key attribute:

step kms create 'yubikey:slot-id=9a;management-key= 010203040506070801020304050607080102030405060708?pin-value=987654`

Note that the step-kms-plugin does not require the --kms flag. You can put everything in the same argument. This is not currently the case for step

[adamcstephens]

Adding the management fixed the problem for me. I had used yubikey-agent and it changed the management key.

[maraino]

Works as expected. Adding the management-key attribute fixes this.