Showstopper for me buying Nitrokeys is that they only have 1 fully functional slot for all PIV related operations.
I need to be able to store more than just one set for PGP / x509 signing operations.
Yubikeys for instance have the main slot and on top 20(?) further slots they label “for retired keys” but can be used (almost) the same way as the main one.
From my understanding this should be either
a) very simple to implement, as it’s just existing code addressing different slots
or
b) impossible, due to hardware limitations
Do they? Could you point me to some documentation please?
Afaik a piv module can store only 4 certs because it’s purpose is for end user entities.
If you like to implement things like a pki then consider using i.e. the Nitrokey HSM which offers 100 key slots iirc but don’t offer piv or pgp Smartcard.
Im also still in my personal research phase but the HSM works well for a pki and setting up a x509 ca.
“A PIV-enabled YubiKey NEO holds 4 distinct slots for certificates and a YubiKey 4 & 5 holds 24, as specified in the PIV standards document. Each of these slots is capable of holding an X.509 certificate, together with its accompanying private key. Technically these four slots are very similar, but they are used for different purposes.”
" Slot 82-95: Retired Key Management: These slots are only available on the YubiKey 4 & 5. They are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey 4 & 5 all 20 of them are fully available for use."
But that’s the general doc for the piv module. I like to know how to use certs in the retired slots. And how to use piv slots to implement a ca. I do only know the use case of generate a key on the pic, create a CSR and import the EE cert back to piv. And maybe generate an attestation cert in addition.
Correct, and to my understanding they’re still compliant with the standard, as for retired slots this limitation does not strictly apply to be implemented. But that’s to be taken with a grain of salted, as from faded memories only.
Retired keys are a standard feature for PIV and the current implementation follows the standard, which specifies how to use retired keys as well as how to store and read retired certificates. On the other hand the standard does not specify how to generate a retired key, or how to move an existing key to a retired slot. In a way this makes sense, there is no reason create a key that is already retired when it’s generated. The only way to do so would be to support importing keys into retired slots, which is not a standard operation, and not (yet) supported by our implementation.
It appears that yubikeys enable generating retired keys with GENERATE ASYMMETRIC KEYPAIR, even though according to the standard that command is only available for the 4 asymmetric keys (and the secure messaging key, not supported by the Nitrokey 3).
We will be considering ways to make the retired slots actually useful.
For actually using those slots as “retired” I can see why on-nitrokey generated keys need to be moved around.
Personally, however (and I think I’m not the minority here), I’m “only” interested in importing keys into respective slots, which should involve less effort than moving around on-hardware generated keys.
This is still the only reason why I didn’t switch from YubiKey to NitroKey. I need a couple of slots for private keys (and don’t want to abuse the authentication/signing slots for that), preferably exposed via PKCS#11
Maybe somethign more?
How are the keys exposed? SmartCard/OpenPGP? PIV? PKCS#11?
What are the slot IDs?
What are the signing-ops (enc/sign/auth)?
Is it “only” private keys or also certificates?
What keys of which cipher-types can they hold? Only (up to) RSA2048 or also *25519-keys?
Your question was specifically related to PIV, which is a NIST standard, so you can refer yourself to documentation of tools that make use of PIV. The test releases currently support RSA2048 and P-256. For RSA signing and decryption is supported, for P-256 we support signatures and ECDH.
The Nitrokey 3 exposes the following application for cryptography:
Secrets app uses a custom protocol and therefore is needs specific software support (nitropy, nitrokey app 2). Other protocol are open standards and are meant to be used with third-party software, you should refer to the documentation for these specific software (for examples: Web Browsers for FIDO, gpg for OpenPGP smartcards).
For PIV there are many more varied use cases. We currently have documentation for using it as part of Windows Login. For other use cases, you will need to make use of dedicated software for your use case, and look for the documentation of said software.
Curve 25519 is not standardized for PIV. We might add it as an extension in the future, nothing is currently set in stone. Users that want Curve25519 should probably use OpenPGP, which already supports it.
