Introduction to the YubiKey NEO PIV Applet
==========================================

The YubiKey NEO supports the Privilege and Identification Card (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This enables you to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common interfaces like PKCS#11.

References:

* SP 800-73-3 http://csrc.nist.gov/publications/PubsSPs.html
* NIST SP 800-73-4 (draft) http://csrc.nist.gov/publications/PubsDrafts.html#800-73-4

General information
-------------------

The default PIN code is 123456. The default PUK code is 12345678.

The default 3DES management key (9B) is 01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08:01:02:03:04:05:06:07:08.

The following key slots exist:

* 9A, 9C, 9D, 9E: RSA 1024, RSA 2048, or ECC secp256r1 keys (algorithms 6, 7, 11 respectively).
* 9B: Triple-DES key (algorithm 3) for PIV management.

The maximum size of stored objects is 2005 bytes.

Currently all functionality is available over both the contact and contactless interfaces (contrary to what the specifications mandate).

Software
--------

Card management has been tested with the tools from the OpenSC project, specifically piv-tool, and Yubico's yubico-piv-tool. Basic features should work with any PIV-compliant middleware.

* https://github.com/OpenSC/OpenSC/wiki
* https://developers.yubico.com/yubico-piv-tool/
* https://github.com/OpenSC/OpenSC/wiki/US-PIV
* https://github.com/OpenSC/OpenSC/wiki/PivTool

Card Holder Unique Identifier
-----------------------------

For the applet to be usable in Windows, the CHUID (Card Holder Unique Identifier) object has to be set and unique. The card contents are also aggressively cached, so the CHUID has to be changed whenever the card contents change.
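
The following is an added example, not code from the original page or from Yubico's tools: a provisioning-side check for the two CHUID rules above, flagging a CHUID that is reused on another card or left unchanged after the card contents changed. The function names, the card serial strings and the all-zero FASC-N are constructed for illustration, and treating the 16-byte GUID element (tag 0x34) as the part that must be unique is an assumption of this example.

```python
import hashlib
import os

# CHUID element tags from the SP 800-73 data model.
TAG_FASCN, TAG_GUID, TAG_EXPIRY, TAG_SIGNATURE, TAG_LRC = 0x30, 0x34, 0x35, 0x3E, 0xFE
MAX_OBJECT_SIZE = 2005  # largest stored object, as stated on this page


def parse_tlv(data: bytes) -> dict:
    """Parse the flat, single-byte-tag TLV list of a CHUID into {tag: value}."""
    fields, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated CHUID element header")
        tag, length = data[i], data[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("truncated CHUID element 0x%02X" % tag)
        fields[tag] = data[i:i + length]
        i += length
    return fields


def build_chuid(fascn: bytes, expiry: str) -> bytes:
    """Build an unsigned CHUID with a fresh random GUID (hypothetical helper)."""
    parts = [(TAG_FASCN, fascn), (TAG_GUID, os.urandom(16)),
             (TAG_EXPIRY, expiry.encode()), (TAG_SIGNATURE, b""), (TAG_LRC, b"")]
    return b"".join(bytes([tag, len(value)]) + value for tag, value in parts)


def check_card(serial: str, chuid: bytes, contents: bytes, seen: dict) -> list:
    """Return provisioning problems; seen maps GUID -> (serial, contents digest)."""
    problems = []
    if len(chuid) > MAX_OBJECT_SIZE:
        problems.append("CHUID exceeds the %d-byte object limit" % MAX_OBJECT_SIZE)
    guid = parse_tlv(chuid).get(TAG_GUID, b"")
    if len(guid) != 16:
        return problems + ["GUID element missing or not 16 bytes"]
    digest = hashlib.sha256(contents).hexdigest()
    owner, old_digest = seen.setdefault(guid, (serial, digest))
    if owner != serial:
        problems.append("duplicate: CHUID already assigned to " + owner)
    elif old_digest != digest:
        problems.append("stale: card contents changed but CHUID did not")
    return problems
```

Keep `seen` in the provisioning inventory across runs, and pass as `contents` whatever bytes represent the card's stored objects, for example the certificates written to the key slots.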