I am making a desktop app in Java and using a YubiKey to authenticate requests that need user confirmation. My YubiKey is a YubiKey 5C NFC.
In my project, I use the libraries "com.yubico.yubikit.core: 2.4.0" and "com.yubico.yubikit.piv: 2.4.0".
In the library, there is a method to generate a key pair like this:
```java
public PublicKeyValues generateKeyValues(Slot slot, KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy){}
```
This is the Slot enum:
```java
public enum Slot {
    AUTHENTICATION(154, 6275333),
    SIGNATURE(156, 6275338),
    KEY_MANAGEMENT(157, 6275339),
    CARD_AUTH(158, 6275329),
    RETIRED1(130, 6275341),
    RETIRED2(131, 6275342),
    ...
    RETIRED20(149, 6275360),
    ATTESTATION(249, 6291201);
}
```
This is the PinPolicy enum:
```java
public enum PinPolicy {
    DEFAULT(0),
    NEVER(1),
    ONCE(2),
    ALWAYS(3);
}
```
This is the TouchPolicy enum:
```java
public enum TouchPolicy {
    DEFAULT(0),
    NEVER(1),
    ALWAYS(2),
    CACHED(3);
}
```
And I set:
```java
KeyType keyType = KeyType.RSA2048;
```
In my code, I call it like this:
```java
PublicKeyValues publicKeyValues = pivSession.generateKeyValues(slot, keyType, pinPolicy, touchPolicy);
```
I can also enter my PIN and check that my code is connected to my YubiKey. When I run it, it can't generate the key pair and I get this error:
```
Caused by: com.yubico.yubikit.core.smartcard.ApduException: APDU error: 0x6982
```
which means "Security status not satisfied." But I can enter my PIN, which is verified correctly, and check that my code is connected to my YubiKey.
I have tried setting all types of PinPolicy and TouchPolicy, but I still get the same error.
I have debugged it, and it dies at this line:
```java
byte[] response = this.protocol.sendAndReceive(new Apdu(0, 71, 0, slot.value, (new Tlv(-84, Tlvs.encodeMap(tlvs))).getBytes()));
```
which is inside the 'generateKeyValues' method.
You need to add verification of the 'ManagementKey' with this method in the library:
```java
public void authenticate(ManagementKeyType keyType, byte[] managementKey)
```
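The call order the answer describes, as an added example (not code from the original post or from the Yubico library): management-key authentication comes before `generateKeyValues`, and SW 0x6982 is reported with a clear cause. The class and method names `PivKeyGenExample` and `generateInSlot`, the chosen slot and policies, and the caller-supplied connection, key type and key bytes are assumptions.

```java
import com.yubico.yubikit.core.keys.PublicKeyValues;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.core.smartcard.SmartCardConnection;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.ManagementKeyType;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.PivSession;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;
import java.util.Arrays;

public final class PivKeyGenExample {

    // Hypothetical helper: the caller supplies an open connection plus the
    // management key and its type (for example loaded from a secret store).
    public static PublicKeyValues generateInSlot(SmartCardConnection connection,
                                                 ManagementKeyType mgmtKeyType,
                                                 byte[] managementKey) throws Exception {
        try (PivSession piv = new PivSession(connection)) {
            // Key generation (INS 71 = 0x47 in the APDU from the question) is an
            // administrative operation: the card demands management-key
            // authentication for it. PIN verification does not satisfy it.
            piv.authenticate(mgmtKeyType, managementKey);

            // Slot and policies are illustrative choices; the PIN and touch
            // policies govern later use of the private key, not its generation.
            return piv.generateKeyValues(Slot.SIGNATURE, KeyType.RSA2048,
                    PinPolicy.ONCE, TouchPolicy.ALWAYS);
        } catch (ApduException e) {
            // 0x6982 = "Security status not satisfied", the error in the question.
            if ((e.getSw() & 0xFFFF) == 0x6982) {
                throw new IllegalStateException(
                        "PIV management-key authentication missing or rejected", e);
            }
            throw e;
        } finally {
            // Do not leave the management key in memory longer than needed.
            Arrays.fill(managementKey, (byte) 0);
        }
    }

    private PivKeyGenExample() { }
}
```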