brew install ykman yubico-piv-tool
# Generate an RSA-2048 key pair in PIV slot 9a and write the public key to public.pem.
# --pin-policy ONCE asks for the PIN once per session; --touch-policy CACHED requires
# a physical touch and caches it for a short time after each touch.
# NOTE(review): assumes the PIV PIN, PUK and management key have already been changed
# from their factory defaults; confirm before provisioning the slot.
ykman piv keys generate -aRSA2048 --pin-policy ONCE --touch-policy CACHED 9a public.pem
# Generate a self-signed certificate (subject "CN=yubi-1 ssh", SHA256) for the slot 9a
# public key in public.pem and store it in slot 9a.
ykman piv certificates generate -s "CN=yubi-1 ssh" -aSHA256 9a public.pem
# Show device status, verify the PIN, then read the slot 9a certificate and print its
# public key in OpenSSH format (-KSSH), ready to be added to the remote authorized_keys.
yubico-piv-tool -a status -a verify-pin -a read-certificate -s 9a -KSSH
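# ~/.zshrc
# Load the YubiKey PKCS#11 provider (libykcs11) into the running ssh-agent.
# The versioned Cellar path is repeated in the agent allowlist below; update
# both together after yubico-piv-tool is upgraded.
alias ssh-add-card='ssh-add -s /opt/homebrew/Cellar/yubico-piv-tool/2.7.1/lib/libykcs11.dylib'

# Reuse the agent recorded by an earlier shell. The file is executed as shell
# code, so only source it when it is a regular file owned by the current user.
if [[ -f "$HOME/.ssh/ssh-agent.env" && -O "$HOME/.ssh/ssh-agent.env" ]]; then
  . "$HOME/.ssh/ssh-agent.env"
fi

# Start a new agent when any of these holds:
#   - SSH_AUTH_SOCK is not a socket;
#   - the socket path contains "Listeners" (presumably the launchd-provided
#     agent, which was not started with the -P allowlist below; confirm);
#   - SSH_AGENT_PID does not refer to a running ssh-agent process.
if [[ ! -S "$SSH_AUTH_SOCK" ]] || [[ "$SSH_AUTH_SOCK" =~ "Listeners" ]] || [[ ! "$(ps -p "$SSH_AGENT_PID" -o command 2>/dev/null | tail -n 1)" =~ "ssh-agent" ]]; then
  # -P is the allowlist of provider libraries that `ssh-add -s` may load into
  # the agent; keep it as narrow as possible. The first pattern needs its
  # leading slash: a relative "usr/lib*/*" cannot match an absolute path.
  # umask 077 keeps a newly created env file private to this user, since it is
  # sourced by every later shell. head -n 2 keeps the two variable lines and
  # drops the agent's trailing "echo Agent pid" line.
  eval "$(umask 077; ssh-agent -P '/usr/lib*/*,/usr/local/lib*/*,/opt/homebrew/Cellar/yubico-piv-tool/2.7.1/lib*/*' | head -n 2 | tee "$HOME/.ssh/ssh-agent.env")"
  ssh-add-card
fi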