ashtuchkin · August 14, 2019 18:40
diff --git a/yubikey notes & backup b/yubikey notes & backup
 # DER format:
 30 77
  02 01 01
  04 20 d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd42   # private key
  a0 0a 
    06 08 2a8648ce3d030107
  a1 44 
    03 42 00
        0425d856bbc6d4f79288c10ba887f9cd8c0612a70b7e270cda59f7486ccdf39d   # public key (found through openssl ec -text)
        fc5196b5121eb05945149dbadfbafcc2b516253e39eea53cfe2a7a4292ad5891c3

 # Just private key (DER, P-256 curve)
 3031 020101 0420 <private key> a00a06082a8648ce3d030107

 echo "3031 020101 0420 d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd42 a00a06082a8648ce3d030107" | xxd -p -r | openssl ec -inform d
 # NOTE: openssl on mac does segfault on this; use 
 see https://lapo.it/asn1js for decoding

 # Full key (DER)
 30770201010420 <private key, 32 bytes> a00a06082a8648ce3d030107a144034200 <public key, 65 bytes>

 My public keys: https://github.com/ashtuchkin.keys

 bip39.entropyToMnemonic("d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd4212")

 # https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html
 # NOTE: need to coppy opensc-pkcs11.so, not link (https://github.com/OpenSC/OpenSC/issues/1060)
 # ECDSA doesn't work because OpenSSH 8.0 needs OpenSSL 1.1, not 1.0 (the new code is protected); Should not be such problem in Linux.
 # OpenSSH 8.0 do support ECDSA though https://www.openssh.com/releasenotes.html ("Add support for ECDSA keys in PKCS#11 tokens.)
 # See https://github.com/Homebrew/homebrew-core/issues/13132;  https://github.com/openssh/openssh-portable/commit/e2cb445d786f7572da2af93e3433308eaed1093a

 # Info: http://moi.vonos.net/security/yubikey/
	# DER format:
	30 77
	02 01 01
	04 20 d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd42 # private key
	a0 0a
	06 08 2a8648ce3d030107
	a1 44
	03 42 00
	0425d856bbc6d4f79288c10ba887f9cd8c0612a70b7e270cda59f7486ccdf39d # public key (found through openssl ec -text)
	fc5196b5121eb05945149dbadfbafcc2b516253e39eea53cfe2a7a4292ad5891c3

	# Just private key (DER, P-256 curve)
	3031 020101 0420 <private key> a00a06082a8648ce3d030107

	echo "3031 020101 0420 d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd42 a00a06082a8648ce3d030107" \| xxd -p -r \| openssl ec -inform d
	# NOTE: openssl on mac does segfault on this; use
	see https://lapo.it/asn1js for decoding

	# Full key (DER)
	30770201010420 <private key, 32 bytes> a00a06082a8648ce3d030107a144034200 <public key, 65 bytes>

	My public keys: https://github.com/ashtuchkin.keys

	bip39.entropyToMnemonic("d90240a21005dd3b7df94c165fd18cf03d5cf91845d556e5ac737678f8c0dd4212")

	# https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html
	# NOTE: need to coppy opensc-pkcs11.so, not link (https://github.com/OpenSC/OpenSC/issues/1060)
	# ECDSA doesn't work because OpenSSH 8.0 needs OpenSSL 1.1, not 1.0 (the new code is protected); Should not be such problem in Linux.
	# OpenSSH 8.0 do support ECDSA though https://www.openssh.com/releasenotes.html ("Add support for ECDSA keys in PKCS#11 tokens.)
	# See https://github.com/Homebrew/homebrew-core/issues/13132; https://github.com/openssh/openssh-portable/commit/e2cb445d786f7572da2af93e3433308eaed1093a

	# Info: http://moi.vonos.net/security/yubikey/