Tags: java, desktop-application, yubikey

Use YubiKey to generate keypair and store private key in Desktop App


I am making a Desktop App in Java and using a YubiKey to authenticate requests that need user confirmation. My YubiKey is a YubiKey 5C NFC.

In my project, I use the libraries "com.yubico.yubikit.core:2.4.0" and "com.yubico.yubikit.piv:2.4.0".

In the library, there is a method to generate a keypair like this:

public PublicKeyValues generateKeyValues(Slot slot, KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy){}

This is enum of Slot:

public enum Slot {
    AUTHENTICATION(154, 6275333),
    SIGNATURE(156, 6275338),
    KEY_MANAGEMENT(157, 6275339),
    CARD_AUTH(158, 6275329),
    RETIRED1(130, 6275341),
    RETIRED2(131, 6275342),
    ...
    RETIRED20(149, 6275360),
    ATTESTATION(249, 6291201);
}

This is enum of PinPolicy:

public enum PinPolicy {
    DEFAULT(0),
    NEVER(1),
    ONCE(2),
    ALWAYS(3);
}

This is enum of TouchPolicy:

public enum TouchPolicy {
    DEFAULT(0),
    NEVER(1),
    ALWAYS(2),
    CACHED(3);
}

And I set KeyType keyType = KeyType.RSA2048;

In my code, I call it like this:

PublicKeyValues publicKeyValues = pivSession.generateKeyValues(slot, keyType, pinPolicy, touchPolicy);

I can also enter my PIN and check that my code is connected to my YubiKey. When I run it, it can't generate the key pair and I get the error: Caused by: com.yubico.yubikit.core.smartcard.ApduException: APDU error: 0x6982, which means "Security status not satisfied." But I can enter my PIN, which is verified correctly, and check that my code is connected to my YubiKey.

I have tried setting all types of PinPolicy and TouchPolicy but still get the same error. I have debugged, and it dies at the line:

byte[] response = this.protocol.sendAndReceive(new Apdu(0, 71, 0, slot.value, (new Tlv(-84, Tlvs.encodeMap(tlvs))).getBytes()));

which is inside the 'generateKeyValues' method.


Solution

  • Need to authenticate with the 'ManagementKey' first, using this method in the library: public void authenticate(ManagementKeyType keyType, byte[] managementKey)
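The reason the PIN alone is not enough: in PIV, the PIN protects use of a private key (signing, decryption), while writing to a slot, including generating a key in it, is protected by the management key. The following is an added example, not code from the asker or from Yubico, showing the corrected order of operations with the yubikit 2.4.0 API named on this page. It assumes an already-open SmartCardConnection (the question says the app connects to the key fine), a YubiKey with firmware 5.3 or later so that getManagementKeyMetadata() is available, Java 17 for HexFormat, and the well-known factory-default management key value, which any deployed key should have replaced.

```java
import com.yubico.yubikit.core.keys.PublicKeyValues;
import com.yubico.yubikit.core.smartcard.SmartCardConnection;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.ManagementKeyMetadata;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.PivSession;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;

import java.security.PublicKey;
import java.security.Signature;
import java.util.HexFormat;

public class PivKeyGenExample {

    // Factory-default PIV management key (assumption: the key still uses it).
    // A production key should have this rotated; it is used here only to make
    // the example concrete.
    public static final byte[] DEFAULT_MGMT_KEY =
            HexFormat.of().parseHex("010203040506070801020304050607080102030405060708");

    /**
     * Generates an RSA-2048 key pair in the given slot and returns the public half.
     * Key generation is gated by the management key, not the PIN, which is why a
     * verified PIN alone still yields APDU error 0x6982.
     */
    public static PublicKey generateKeyPair(PivSession piv, Slot slot, byte[] managementKey)
            throws Exception {
        // Ask the key which algorithm its management key uses (3DES on older
        // firmware, AES on newer), then authenticate. This is the missing step.
        ManagementKeyMetadata meta = piv.getManagementKeyMetadata();
        if (meta.isDefaultValue()) {
            System.err.println("warning: management key is still the factory default");
        }
        piv.authenticate(meta.getKeyType(), managementKey);

        // PinPolicy.ONCE: PIN required once per session before the private key is used.
        // TouchPolicy.ALWAYS: every private-key operation needs a physical touch, which
        // is the "user confirms the request" property the app wants.
        PublicKeyValues values = piv.generateKeyValues(
                slot, KeyType.RSA2048, PinPolicy.ONCE, TouchPolicy.ALWAYS);
        return values.toPublicKey();
    }

    /** Signs a message with the on-key private key; here the PIN (and touch) policy applies. */
    public static byte[] sign(PivSession piv, Slot slot, char[] pin, byte[] message)
            throws Exception {
        piv.verifyPin(pin); // satisfies PinPolicy.ONCE / ALWAYS for this session
        // The Signature instance tells the library which hash and padding to apply
        // before the key performs the raw RSA operation.
        return piv.sign(slot, KeyType.RSA2048, message, Signature.getInstance("SHA256withRSA"));
    }

    /** Host-side check: the returned signature must verify against the exported public key. */
    public static boolean verify(PublicKey publicKey, byte[] message, byte[] signature)
            throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(publicKey);
        verifier.update(message);
        return verifier.verify(signature);
    }

    /** End-to-end flow: generate, sign a request, verify. Returns true when the round trip works. */
    public static boolean confirmRequest(SmartCardConnection connection, char[] pin, byte[] request)
            throws Exception {
        PivSession piv = new PivSession(connection);
        PublicKey publicKey = generateKeyPair(piv, Slot.AUTHENTICATION, DEFAULT_MGMT_KEY);
        byte[] signature = sign(piv, Slot.AUTHENTICATION, pin, request);
        return verify(publicKey, request, signature);
    }
}
```

The connection object is obtained with the desktop module, exactly as the asker's existing code already does, so it is passed in rather than reconstructed here. Note that a second session over the same connection is not needed: authenticate() and verifyPin() state lives on the PivSession for the life of that connection, so generation and signing can share one session.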