
In PIV-C, the Yubikey can serve as main PIV credential to give organizations the option of using Yubikey instead of PIV card.

Once the Yubikey is encoded, the Yubikey will serve as the credential.Ī: In PIV and PIV-I settings, Yubikey can be issued as a derived credential to compliment the PIV credential. Once initial verification is complete, you are granted a temporary credential that will allow you to log in and encode the Yubikey. Q Do I need existing credentials to activate my Yubikey?Ī: Yes, you must first be verified before the credentialing process takes place. The reason this occurs is so that the key pairs only ever remain on the Yubikey token. Q: How can I view certificates from my Yubikey?Ī: The certificates be viewed using the Yubikey utilities or by using the Microsoft Certificate Snap-In.Ī: No, IdExchange will set the certificate to non-exportable. Finally, IdExchange will load the certificate onto the Yubikey token to complete the credential generation process.

Next, IdExchange will send the public key to be signed by the certificate authority. Q: How will the credentials be encoded onto the Yubikey?Ī: The IdExchange system will instruct the Yubikey token to generate the key pairs within its FIPS 140-2 hardware chip.
