๐ PIV Applications
Default Credentials
| Item | Value |
|---|---|
| PIN | 123456 |
| PUK | 12345678 |
| Management Key | 010203040506070801020304050607080102030405060708 |
Using PIV with VeraCrypt
1. Install Required Software
Install the following software for your operating system:
2. Recognition Test
Command 1: List PKCS#11 Slots
&"C:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-tool.exe" --list-slotsExpected output:
Available slots:
Slot 0 (0x0): MiixKey 0
token label : PIV_II
token manufacturer : piv_II
token model : PKCS#15 emulated
token flags : login required, rng, token initialized, PIN initialized
hardware version : 0.0
firmware version : 0.0
serial num : 5cbc37b5afb4b9ac
pin min/max : 4/8
uri : pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=5cbc37b5afb4b9ac;token=PIV_IICommand 2: Check PIV Status
yubico-piv-tool -r MiixKey -a statusExpected output:
Version: 5.7.0
Serial Number: 3793437186
CHUID: 3019d4e739da739ced39ce739d836858210842108421c84210c3eb341058e4d26a85109b0c775447e7126669fa350832303530303130313e00fe00
CCC: f0159a625c4ad630ef52d6955688f1d92fbe6e4fffd911f10121f20121f300f40100f50110f600f700fa00fb00fc00fd00fe00
All non-listed slots are empty
PIN tries left: 33. Configure VeraCrypt
Step 1 โ Add OpenSC Library Path
- Go to Settings โ Security Tokens โ Select Library.
- Enter the path:
C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll(use the corresponding path for other operating systems). - Then go to Tools โ Manage Security Token Keyfiles and enter your PIN. You should see the token loaded successfully.
Step 2 โ Generate Keyfile
Go to Tools โ Keyfile Generator to create a keyfile.
Step 3 โ Convert to Base64
# Windows
[Convert]::ToBase64String([IO.File]::ReadAllBytes("keyfile.dat")) | Set-Content -Encoding ASCII "keyfile.dat.base64"
# Linux
base64 keyfile.dat > keyfile.dat.base64Step 4 โ Upload Keyfile to Object Slot
yubico-piv-tool -r MiixKey -a write-object -k --id 0x5fc108 -i keyfile.dat.base64 -f base64
Done! When creating or mounting an encrypted volume, select Cardholder Facial Image to use the keyfile stored on MiixKey.