Skip to content

Instantly share code, notes, and snippets.

@bettse

bettse/commands.md

Last active March 31, 2026 17:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bettse/fe648fdc85ad3d57773e6a62d01e8229 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bettse/fe648fdc85ad3d57773e6a62d01e8229 to your computer and use it in GitHub Desktop.
Download ZIP
Setup PIV Applet for MacOS
Raw
commands.md

https://github.com/arekinath/PivApplet

Here's the full sequence for both slots:

Slot 9a (PIV Authentication):

yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a generate -s 9a --pin=123456 --key=010203040506070801020304050607080102030405060708 > pubkey-9a.pem
yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a verify-pin -a selfsign-certificate -s 9a -S '/CN=PIV/' --pin=123456 --key=010203040506070801020304050607080102030405060708 < pubkey-9a.pem > cert-9a.pem
yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a import-certificate -s 9a --key=010203040506070801020304050607080102030405060708 < cert-9a.pem

Slot 9d (Key Management):

yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a generate -s 9d --pin=123456 --key=010203040506070801020304050607080102030405060708 > pubkey-9d.pem
yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a verify-pin -a selfsign-certificate -s 9d -S '/CN=PIV Key Management/' --pin=123456 --key=010203040506070801020304050607080102030405060708 < pubkey-9d.pem > cert-9d.pem
yubico-piv-tool -r 'OMNIKEY AG Smart Card Reader USB' -a import-certificate -s 9d --key=010203040506070801020304050607080102030405060708 < cert-9d.pem

Get hash

sc_auth identities

Then pair:

sudo sc_auth pair -u $(whoami) -h HASH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment