YubiKit PIV Module

This module provides an implementation of the Personal Identity Verification (PIV) interface specified in the NIST SP 800-73 document Cryptographic Algorithms and Key Sizes for PIV. This standard specifies how to perform RSA or ECC sign/decrypt operations using a private key stored on the YubiKey.

Dependency

To add the PIV module, along with the Android module as a dependencies to your project, add the following to your gradle configuration:

dependencies {
  implementation 'com.yubico.yubikit:android:(insert version here)'
  implementation 'com.yubico.yubikit:piv:(insert version here)'
}

This module depends on the core module, which will automatically be added as a transitive dependency to your project.

Communication with the PIV Application

To communicate with the PIV application on a YubiKey, use the PivSession class. You will need a SmartCardConnection to a YubiKey:

PivSession piv = new PivSession(smartCardConnection);
// Verify the PIN:
piv.verifyPin(pin);

// Sign a message using a private key on the YubiKey:
byte[] signature = piv.sign(
  Slot.SIGNATURE,
  KeyType.ECCP256,
  message,
  Signature.getInstance("SHA256withECDSA")
);

YubiKey PIV JCA Provider

Since YubiKit 2.1.0 the PIV module functionality can be accessed through the Java cryptography architecture interfaces. To learn more refer to the YubiKit PIV JCA guide

Additional Resources