New v1.7.2 does not see PIV-D certs on Yubikey
delfuego opened this issue · 4 comments
Now that #114 is fixed, plugging in our PIV-D-provisioned Yubikey 5Ci devices into our phones doesn't cause an app crash when we go to Configuration > Smart card extension — so that's a win! But unfortunately, the app doesn't appear to see our certs at all; when going to Configuration > Smart card extension, the app reports "No certificates on Yubikey". (See screenshot that I'm attaching.)
How can we help you debug this? The devices work perfectly to allow login to Windows and macOS computers, so the certs themselves are fine, and their provisioning onto the keys is such that both Windows and macOS happily see them.
That's unfortunate. The only reason I can see is that either we fail parsing out the raw data for the cert that the YubiKey returns or iOS fails to create a SecCertificateRef from the data. Is there a way I can get hold of a sample cert to test with?
What's the right way to get you what you need? Getting a cert from the key is easy, so I could send you the cert from 9a (which I presume is the relevant one, since it's the one that'd be used for any website authentication); twocanoes' Smart Card Utility happily sees the certs on the key and lets me export them, for example. But I don't know how to get you anything meaningful that allows you to test how Yubico Authenticator is able to actually read the key in the first place — is there any debug logging or other forensic data that we can gather at our end?
I think emailing me an exported cert would be a good start. You can send it to jens.utbult@yubico.com.
Just emailed.