The PIV PIN, PUK, and management key. Per the standard, there are three keys/secret values in PIV (Personal Identity Verification): PIN (Personal Identification Number) PUK (PIN Unblocking Key) Management key; The main purpose of the PIN is to authenticate the user for signing and decrypting, although there are other operations that need it as ...

2020年5月12日 · PIN Unblocking Key (PUK) is a code that is used by users or applications to reset a PIN that has been lost, forgotten, or locked because of too many failed attempts. The PUK is part of the PIV standard that the YubiKey follows. Another smart card standard, (GIDS standard) leverages a challenge/response method to manage PIN issues.

2020年8月3日 · By default, the user PIN is blocked when three consecutive incorrect PINs have been entered. The PIN Unblocking Code (PUK) is used for unblocking the user PIN. If both the PIN and the PUK are blocked, the YubiKey must be reset, which deletes any loaded certificates and returns the YubiKey to a factory default state.

With the release of the 5.7 YubiKey firmware version, Advanced Encryption Standard 192 bit (AES-192) is the default security type for the PIV management key. Triple Data Encryption Standard (TDES or 3DES) is the default security type …

2020年10月19日 · PUKs are a backup mechanism for recovering and resetting a locked Yubikey. After the PIN has been entered incorrectly 3 times, you’ll have 3 opportunities to put in the correct PUK. If the user fails that too, then the device will be permanently locked and will need to be restored to factory conditions before it can be used again.

The PIN, PUK, and Management Key are essential to the functionality of the YubiKey’s PIV application. The PIN is a 6-8 character value (default: 123456) that protects the YubiKey’s PIV slot credentials. It is required when performing operations such as authentication, encryption/decryption, and digital signature creation.

9a 插槽：PIV 验证. 验证智能卡和持卡人（比如用于操作系统登录、ssh、WiFi、OpenVPN、curl、Android code、Mac code、屏幕自动解锁）。通常 PIN 只会请求一次，在后续操作中可能会被重复使用。 9c 插槽：电子签名

Yubikey 支持个人身份验证 (PIV 和 FIPS 201) 智能卡接口 (NIST SP 800-73)。 根据智能卡上存储的私钥，通过 PKCS#11 一类的通用接口进行RSA 或者 ESS 的签名、加密、解密操作。

The YubiKey 4 and 5 series along with the YubiKey NEO support the Personal Identity Verification (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This enables you to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common interfaces like PKCS#11.

2024年8月28日 · 通过Yubico PIV工具，用户可以轻松地在设备上生成密钥、导入密钥和证书、创建证书请求以及其他操作。 该项目不仅提供了命令行工具，还包含一个共享库，使得集成和使用更为便捷。 Yubico PIV工具的核心技术围绕着PIV应用和YubiKey的硬件安全特性。 它支持多种操作系统，包括POSIX平台（如Linux和macOS）以及Windows。 在技术实现上，该项目依赖于多个关键库和工具，如OpenSSL、PCSC、Gengetopt等，确保了其在不同平台上的兼容性和稳定性 …