### Enumerate PC/SC Readers and Open YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Enumerates all available PC/SC readers and attempts to open a YubiKey from each. Handles potential errors during opening. ```rust use yubikey::reader::Context; fn main() -> yubikey::Result<()> { let mut ctx = Context::open()?; for reader in ctx.iter()? { println!("Reader: {}", reader.name()); match reader.open() { Ok(yk) => println!(" YubiKey serial={}", yk.serial()), Err(e) => println!(" Could not open: {}", e), } } Ok(()) } ``` -------------------------------- ### Open Sole Connected YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Opens a session with the single connected YubiKey. Returns an error if more than one device is attached. ```rust use yubikey::{YubiKey, Serial, Error}; fn main() -> Result<(), Error> { // Open the sole connected YubiKey let mut yubikey = YubiKey::open()?; println!("Connected to: {}", yubikey.name()); println!("Firmware: {}", yubikey.version()); println!("Serial: {}", yubikey.serial()); Ok(()) } ``` -------------------------------- ### Opening a connection to a YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt `YubiKey::open()` attempts to open a session with a single connected YubiKey. It returns an error if multiple devices are detected, in which case `open_by_serial` should be used. ```APIDOC ## Opening a connection to a YubiKey `YubiKey::open() -> Result` opens a session with the single connected YubiKey. Returns `Error::PcscError` if more than one device is attached; use `open_by_serial` in that case. ### Request Example ```rust use yubikey::{YubiKey, Serial, Error}; fn main() -> Result<(), Error> { // Open the sole connected YubiKey let mut yubikey = YubiKey::open()?; println!("Connected to: {}", yubikey.name()); println!("Firmware: {}", yubikey.version()); println!("Serial: {}", yubikey.serial()); Ok(()) } ``` ``` -------------------------------- ### YubiKey Connection and Authentication with Error Handling Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Connects to a YubiKey, verifies the PIN, and authenticates using a management key. Provides detailed error messages for common issues like wrong PIN or locked PIN. ```rust use yubikey::{YubiKey, MgmKey, Error}; fn connect_and_auth() -> Result { let mut yubikey = YubiKey::open().map_err(|e| { eprintln!("Cannot open YubiKey: {} (legacy: {:?})", e, e.name()); e })?; yubikey.verify_pin(b"123456").map_err(|e| match e { Error::WrongPin { tries } => { eprintln!("Wrong PIN — {} retries left", tries); e } Error::PinLocked => { eprintln!("PIN is locked — use PUK to unblock"); e } other => other, })?; let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.authenticate(&mgm_key)?; Ok(yubikey) } fn main() { match connect_and_auth() { Ok(yk) => println!("Ready, serial={}", yk.serial()), Err(e) => eprintln!("Setup failed: {}", e), } } ``` -------------------------------- ### Run Tests with Info Logging Source: https://github.com/iqlusioninc/yubikey.rs/blob/main/README.md To see detailed logging information during test execution, set the `RUST_LOG` environment variable to `info`. This helps in understanding the test flow. ```shell RUST_LOG=info cargo test -- --ignored ``` -------------------------------- ### Enumerating PC/SC readers Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt This functionality allows for the enumeration of available PC/SC readers and opening a `YubiKey` connection from a specific reader. ```APIDOC ## Enumerating PC/SC readers `reader::Context::open()` creates a PC/SC context and `Context::iter()` enumerates all available readers; `Reader::open()` opens a `YubiKey` from a specific reader. ### Request Example ```rust use yubikey::reader::Context; fn main() -> yubikey::Result<()> { let mut ctx = Context::open()?; for reader in ctx.iter()? { println!("Reader: {}", reader.name()); match reader.open() { Ok(yk) => println!(" YubiKey serial={}", yk.serial()), Err(e) => println!(" Could not open: {}", e), } } Ok(()) } ``` ``` -------------------------------- ### Generate Self-Signed Certificate on YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Creates and writes a self-signed X.509 certificate for a key in a specified slot. Requires authentication with the management key and PIN verification. Uses `yubikey_signer::KeyType` to select the algorithm. ```rust use std::{str::FromStr, time::Duration}; use x509_cert::{name::Name, serial_number::SerialNumber, time::Validity}; use yubikey::{ certificate::{yubikey_signer, Certificate}, piv::{self, AlgorithmId, RetiredSlotId, SlotId}, MgmKey, PinPolicy, TouchPolicy, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.verify_pin(b"123456")?; yubikey.authenticate(&mgm_key)?; let slot = SlotId::Retired(RetiredSlotId::R1); // Generate a P-256 key let public_key = piv::generate( &mut yubikey, slot, AlgorithmId::EccP256, PinPolicy::Default, TouchPolicy::Default, )?; let serial = SerialNumber::new(&[1, 2, 3]).unwrap(); let validity = Validity::from_now(Duration::from_secs(365 * 24 * 3600)).unwrap(); let subject = Name::from_str("CN=My Device").unwrap(); let cert = Certificate::generate_self_signed::<_, p256::NistP256>( &mut yubikey, slot, serial, validity, subject, public_key, |_builder| Ok(()), // no extra extensions )?; println!("Self-signed cert for: {}", cert.subject()); Ok(()) } ``` -------------------------------- ### Generate PIV Key Pair on YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Instructs the YubiKey to generate a new PIV key pair in-place, ensuring the private key never leaves the device. Returns the public key in SPKI format. Requires authentication with the management key and PIN verification. ```rust use yubikey::{ piv::{self, AlgorithmId, SlotId, RetiredSlotId}, MgmKey, PinPolicy, TouchPolicy, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.verify_pin(b"123456")?; yubikey.authenticate(&mgm_key)?; // Generate a P-256 key in the Signature slot let public_key = piv::generate( &mut yubikey, SlotId::Signature, AlgorithmId::EccP256, PinPolicy::Once, TouchPolicy::Always, )?; println!("Generated P-256 key: {:?}", public_key); Ok(()) } ``` -------------------------------- ### Read Device Configuration Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Retrieves the YubiKey device's stored configuration object, providing details about its settings. ```APIDOC ## YubiKey::config ### Description Retrieves the device's stored configuration object. ### Method Signature `YubiKey::config() -> Result` ### Request Example ```rust let config = yubikey.config()?; ``` ### Response Example ```rust // Example output for device configuration // Config { ... } ``` ``` -------------------------------- ### Open YubiKey by Serial Number Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Selects a specific YubiKey when multiple devices are connected, using its serial number. ```rust use yubikey::{YubiKey, Serial, Error}; use std::str::FromStr; fn main() -> Result<(), Error> { let serial = Serial::from_str("12345678")?; let mut yubikey = YubiKey::open_by_serial(serial)?; println!("Opened YubiKey serial {}", yubikey.serial()); Ok(()) } ``` -------------------------------- ### Run Ignored Tests with Cargo Source: https://github.com/iqlusioninc/yubikey.rs/blob/main/README.md Invoke this command to run tests that interact with a physical YubiKey device. These tests are marked as `#[ignore]` by default. ```shell cargo test -- --ignored ``` -------------------------------- ### Read YubiKey Device Configuration Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Retrieves the stored configuration object from the YubiKey device. This provides information about the device's settings. ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let config = yubikey.config()?; println!("Config: {:?}", config); Ok(()) } ``` -------------------------------- ### Write Certificate to YubiKey Slot Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Stores a parsed X.509 certificate into a specified slot on the YubiKey. The certificate can be uncompressed or gzip-compressed. Requires authentication with the management key. ```rust use yubikey::{ certificate::{Certificate, CertInfo}, piv::SlotId, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let mgm_key = yubikey::MgmKey::get_default(&yubikey)?; yubikey.authenticate(&mgm_key)?; let der_bytes = std::fs::read("my_cert.der").unwrap(); let cert = Certificate::from_bytes(der_bytes)?; cert.write(&mut yubikey, SlotId::Authentication, CertInfo::Uncompressed)?; println!("Certificate written to Authentication slot"); Ok(()) } ``` -------------------------------- ### Trace Raw APDU Messages Source: https://github.com/iqlusioninc/yubikey.rs/blob/main/README.md Set `RUST_LOG` to `trace` to capture and display all raw Application Protocol Data Unit (APDU) messages sent to and received from the YubiKey. This is useful for deep debugging of card interactions. ```text running 1 test [INFO yubikey::yubikey] trying to connect to reader 'Yubico YubiKey OTP+FIDO+CCID' [INFO yubikey::yubikey] connected to 'Yubico YubiKey OTP+FIDO+CCID' successfully [TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: SelectApplication, p1: 4, p2: 0, data: [160, 0, 0, 3, 8] } [TRACE yubikey::transaction] >>> [0, 164, 4, 0, 5, 160, 0, 0, 3, 8] [TRACE yubikey::apdu] <<< Response { status_words: Success, data: [97, 17, 79, 6, 0, 0, 16, 0, 1, 0, 121, 7, 79, 5, 160, 0, 0, 3, 8] } [TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetVersion, p1: 0, p2: 0, data: [] } [TRACE yubikey::transaction] >>> [0, 253, 0, 0, 0] [TRACE yubikey::apdu] <<< Response { status_words: Success, data: [5, 1, 2] } [TRACE yubikey::apdu] >>> Apdu { cla: 0, ins: GetSerial, p1: 0, p2: 0, data: [] } [TRACE yubikey::transaction] >>> [0, 248, 0, 0, 0] [TRACE yubikey::apdu] <<< Response { status_words: Success, data: [0, 115, 0, 178] } test connect ... ok ``` -------------------------------- ### List PIV Keys on YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Scans all 28 PIV slots on a YubiKey and returns a list of Key entries for occupied slots. Requires a mutable reference to the YubiKey. ```rust use yubikey::{piv::Key, YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let keys = Key::list(&mut yubikey)?; println!("{} PIV key(s) found:", keys.len()); for key in &keys { let cert = key.certificate(); println!( " Slot {:?}: subject={}, issuer={}", key.slot(), cert.subject(), cert.issuer(), ); } Ok(()) } ``` -------------------------------- ### Opening a YubiKey by serial number Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt `YubiKey::open_by_serial(serial: Serial)` allows selection of a specific YubiKey when multiple devices are connected, using the device's serial number. ```APIDOC ## Opening a YubiKey by serial number `YubiKey::open_by_serial(serial: Serial) -> Result` selects a specific device when multiple YubiKeys are connected. ### Request Example ```rust use yubikey::{YubiKey, Serial, Error}; use std::str::FromStr; fn main() -> Result<(), Error> { let serial = Serial::from_str("12345678")?; let mut yubikey = YubiKey::open_by_serial(serial)?; println!("Opened YubiKey serial {}", yubikey.serial()); Ok(()) } ``` ``` -------------------------------- ### Sign Data with PIV Key Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Signs provided data using a PIV key stored in a specified slot on the YubiKey. Requires PIN verification and authentication with the management key. The data to be signed should be a pre-formatted digest. ```rust use sha2::{Digest, Sha256}; use yubikey::{ piv::{self, AlgorithmId, SlotId}, MgmKey, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; yubikey.verify_pin(b"123456")?; let message = b"Hello, YubiKey!"; let digest = Sha256::digest(message); // Sign the SHA-256 digest with the P-256 key in the Signature slot let signature = piv::sign_data( &mut yubikey, &digest, AlgorithmId::EccP256, SlotId::Signature, )?; println!("Signature ({} bytes): {:02x?}", signature.len(), &signature[..]); Ok(()) } ``` -------------------------------- ### Generate and Set Management Key Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Generates a new management key appropriate for the YubiKey's firmware and sets it, after authenticating with the default key. Requires a `SysRng` for random number generation. ```rust use cipher::common::getrandom::SysRng; use yubikey::{mgm::{MgmAlgorithmId}, MgmKey, YubiKey, Error}; fn main() -> Result<(), Error> { let mut rng = SysRng; let mut yubikey = YubiKey::open()?; // Generate a key appropriate for this YubiKey's firmware let new_key = MgmKey::generate_for(&yubikey, &mut rng)?; // Authenticate with default key first, then set the new one let default_key = MgmKey::get_default(&yubikey)?; yubikey.authenticate(&default_key)?; new_key.set_manual(&mut yubikey, false)?; println!("New management key installed"); Ok(()) } ``` -------------------------------- ### List PIV Keys Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Scans all 28 PIV slots on a YubiKey and returns a list of Key entries for occupied slots, including the slot ID and certificate subject/issuer information. ```APIDOC ## Key::list ### Description Scans all 28 PIV slots and returns a list of `Key` entries (slot + certificate) for every occupied slot. ### Method Signature `Key::list(yubikey: &mut YubiKey) -> Result>` ### Request Example ```rust use yubikey::piv::Key; let keys = Key::list(&mut yubikey)?; ``` ### Response Example ```rust // Example output for keys // 2 PIV key(s) found: // Slot PIV(1): subject=CN=User,ISSUER=CN=YubiKey Root CA // Slot PIV(2): subject=CN=Admin,ISSUER=CN=YubiKey Root CA ``` ``` -------------------------------- ### Verify YubiKey PIN Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Verifies the user PIN for the YubiKey. Handles correct PIN, wrong PIN attempts, and locked PIN states. ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; match yubikey.verify_pin(b"123456") { Ok(()) => println!("PIN verified"), Err(Error::WrongPin { tries }) => { eprintln!("Wrong PIN — {} tries remaining", tries); } Err(Error::PinLocked) => eprintln!("PIN is locked"), Err(e) => return Err(e), } Ok(()) } ``` -------------------------------- ### Verifying the device PIN Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt `YubiKey::verify_pin()` is used to authenticate with the YubiKey using the user's PIN. It handles correct PIN verification, incorrect attempts, and locked states. ```APIDOC ## Verifying the device PIN `YubiKey::verify_pin(pin: &[u8]) -> Result<()>` verifies the user PIN. The default PIN is `123456`. A cached copy is kept internally for subsequent operations. ### Request Example ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; match yubikey.verify_pin(b"123456") { Ok(()) => println!("PIN verified"), Err(Error::WrongPin { tries }) => { eprintln!("Wrong PIN — {} tries remaining", tries); } Err(Error::PinLocked) => eprintln!("PIN is locked"), Err(e) => return Err(e), } Ok(()) } ``` ``` -------------------------------- ### Generate Self-Signed Certificate Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Creates and writes an X.509 self-signed certificate for a key already present in a given slot. It supports selecting the algorithm using the `yubikey_signer::KeyType` trait. ```APIDOC ## Certificate::generate_self_signed ### Description Creates and writes an X.509 self-signed certificate for a key already in the given slot. Uses the `yubikey_signer::KeyType` trait to select the algorithm. ### Method Signature `Certificate::generate_self_signed(yubikey, slot, serial, validity, subject, subject_pki, extensions) -> Result` ### Parameters #### Path Parameters - **slot** (SlotId) - Required - The PIV slot where the key resides. - **serial** (SerialNumber) - Required - The serial number for the certificate. - **validity** (Validity) - Required - The validity period of the certificate. - **subject** (Name) - Required - The subject distinguished name for the certificate. - **subject_pki** (KeyType) - Required - The public key associated with the certificate. - **extensions** (Closure) - Optional - A closure to add custom extensions. ### Request Example ```rust use std::time::Duration; use x509_cert::name::Name; use x509_cert::serial_number::SerialNumber; use x509_cert::time::Validity; use yubikey::piv::{SlotId, RetiredSlotId, AlgorithmId}; let slot = SlotId::Retired(RetiredSlotId::R1); let serial = SerialNumber::new(&[1, 2, 3]).unwrap(); let validity = Validity::from_now(Duration::from_secs(365 * 24 * 3600)).unwrap(); let subject = Name::from_str("CN=My Device").unwrap(); let cert = Certificate::generate_self_signed::<_, p256::NistP256>( &mut yubikey, slot, serial, validity, subject, public_key, // Assuming public_key is obtained previously |_builder| Ok(()), )?; ``` ### Response Example ```rust // Example output for a generated certificate // Self-signed cert for: CN=My Device ``` ``` -------------------------------- ### Write Certificate to Slot Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Stores a parsed X.509 certificate into the YubiKey's flash memory at the specified slot, supporting both uncompressed and gzip-compressed formats. ```APIDOC ## Certificate::write ### Description Stores a parsed `Certificate` into the YubiKey's flash at the given slot, either uncompressed or gzip-compressed. ### Method Signature `Certificate::write(yubikey, slot, certinfo) -> Result<()>` ### Parameters #### Path Parameters - **slot** (SlotId) - Required - The PIV slot to write the certificate to. - **certinfo** (CertInfo) - Required - Specifies whether the certificate is uncompressed or compressed. ### Request Example ```rust use yubikey::piv::SlotId; use yubikey::certificate::CertInfo; let der_bytes = std::fs::read("my_cert.der").unwrap(); let cert = Certificate::from_bytes(der_bytes)?; cert.write(&mut yubikey, SlotId::Authentication, CertInfo::Uncompressed)?; ``` ### Response Example ```rust // Success indicates the certificate was written. // Example output: // Certificate written to Authentication slot ``` ``` -------------------------------- ### Parse Certificate from DER Bytes Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Parses an X.509 certificate from raw DER-encoded bytes without needing a physical YubiKey device. Useful for pre-processing certificates. ```rust use yubikey::{certificate::Certificate, Error}; fn main() -> Result<(), Error> { let der_bytes = std::fs::read("tests/assets/Bob.der").unwrap(); let cert = Certificate::from_bytes(der_bytes)?; println!("Subject: {}", cert.subject()); // "CN=Bob" println!("Issuer: {}", cert.issuer()); // "CN=Ferdinand Linnenberg CA" Ok(()) } ``` -------------------------------- ### Authenticating with the management key Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt `YubiKey::authenticate()` performs mutual authentication using the management key, which is a prerequisite for administrative operations like key generation or certificate management. ```APIDOC ## Authenticating with the management key `YubiKey::authenticate(mgm_key: &MgmKey) -> Result<()>` performs mutual 3DES/AES challenge-response authentication with the card's management applet. Required before any administrative operation (key generation, certificate write, etc.). ### Request Example ```rust use yubikey::{YubiKey, MgmKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; // Load the factory-default management key let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.authenticate(&mgm_key)?; println!("Management key authenticated"); Ok(()) } ``` ``` -------------------------------- ### Read Certificate from PIV Slot Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Reads an X.509 certificate from a specified PIV slot on the YubiKey and parses it from DER encoding. Handles cases where no certificate is found in the slot. ```rust use yubikey::{ certificate::Certificate, piv::SlotId, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; match Certificate::read(&mut yubikey, SlotId::Authentication) { Ok(cert) => { println!("Subject: {}", cert.subject()); println!("Issuer: {}", cert.issuer()); } Err(Error::InvalidObject) => println!("No certificate in Authentication slot"), Err(e) => return Err(e), } Ok(()) } ``` -------------------------------- ### Set PIN-Protected Management Key Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Generates a new management key and stores it encrypted within the YubiKey's protected data object, requiring a PIN for future access. Authenticates with the default key and verifies the PIN before setting. ```rust use cipher::common::getrandom::SysRng; use yubikey::{MgmKey, YubiKey, Error}; fn main() -> Result<(), Error> { let mut rng = SysRng; let mut yubikey = YubiKey::open()?; let default_key = MgmKey::get_default(&yubikey)?; yubikey.verify_pin(b"123456")?; yubikey.authenticate(&default_key)?; let new_mgm = MgmKey::generate_for(&yubikey, &mut rng)?; new_mgm.set_protected(&mut yubikey)?; // Retrieve it later using only the PIN let retrieved = MgmKey::get_protected(&mut yubikey)?; yubikey.authenticate(&retrieved)?; println!("Protected management key works"); Ok(()) } ``` -------------------------------- ### Authenticate with Management Key Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Performs mutual authentication using the management key. This is required before administrative operations like key generation or certificate writing. ```rust use yubikey::{YubiKey, MgmKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; // Load the factory-default management key let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.authenticate(&mgm_key)?; println!("Management key authenticated"); Ok(()) } ``` -------------------------------- ### Read PIV Slot Metadata Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Retrieves metadata for a given PIV slot, including algorithm, PIN/touch policies, key origin, public key, and retry counters. Handles cases where the slot is empty or metadata is not supported by the firmware. ```rust use yubikey::{ piv::{self, SlotId, Origin}, MgmKey, YubiKey, Error, }; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let mgm_key = MgmKey::get_default(&yubikey)?; yubikey.verify_pin(b"123456")?; yubikey.authenticate(&mgm_key)?; match piv::metadata(&mut yubikey, SlotId::Signature) { Ok(meta) => { println!("Algorithm: {:?}", meta.algorithm); if let Some((pin, touch)) = meta.policy { println!("PIN policy: {:?}, Touch policy: {:?}", pin, touch); } if let Some(origin) = meta.origin { println!("Key origin: {:?}", origin); } } Err(Error::NotFound) => println!("No key in Signature slot"), Err(Error::NotSupported) => println!("Metadata not supported on this firmware"), Err(e) => return Err(e), } Ok(()) } ``` -------------------------------- ### Parse Certificate from DER Bytes Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Parses an X.509 certificate directly from raw DER-encoded bytes without needing to connect to a YubiKey device. ```APIDOC ## Certificate::from_bytes ### Description Parses an X.509 certificate from raw DER-encoded bytes without connecting to a device. ### Method Signature `Certificate::from_bytes(cert: impl Into) -> Result` ### Parameters #### Path Parameters - **cert** (Buffer) - Required - The DER-encoded certificate bytes. ### Request Example ```rust use yubikey::certificate::Certificate; let der_bytes = std::fs::read("path/to/certificate.der").unwrap(); let cert = Certificate::from_bytes(der_bytes)?; ``` ### Response Example ```rust // Example output for a parsed certificate // Subject: CN=Bob // Issuer: CN=Ferdinand Linnenberg CA ``` ``` -------------------------------- ### Read Certificate from PIV Slot Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Reads the X.509 certificate stored in a specified PIV slot and parses it from DER encoding. ```APIDOC ## Certificate::read ### Description Reads the X.509 certificate stored in the specified slot and parses it from DER encoding. ### Method Signature `Certificate::read(yubikey, slot) -> Result` ### Parameters #### Path Parameters - **slot** (SlotId) - Required - The PIV slot from which to read the certificate. ### Request Example ```rust use yubikey::piv::SlotId; let cert = Certificate::read(&mut yubikey, SlotId::Authentication)?; ``` ### Response Example ```rust // Example output for a certificate // Subject: CN=My Certificate // Issuer: CN=My CA ``` ``` -------------------------------- ### Querying remaining PIN retries Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt `YubiKey::get_pin_retries()` retrieves the number of remaining attempts before the YubiKey's PIN is locked. ```APIDOC ## Querying remaining PIN retries `YubiKey::get_pin_retries() -> Result` returns how many PIN verification attempts remain before the PIN is locked. ### Request Example ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let retries = yubikey.get_pin_retries()?; println!("{} PIN retries remaining", retries); Ok(()) } ``` ``` -------------------------------- ### Read CHUID and CCCID from YubiKey Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Reads the Cardholder Unique Identifier (CHUID) and Cardholder Capability Container identifier (CCCID) from a YubiKey. Handles cases where these identifiers may not be present. ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; match yubikey.chuid() { Ok(chuid) => println!("CHUID: {:?}", chuid), Err(Error::NotFound) => println!("No CHUID present"), Err(e) => return Err(e), } match yubikey.cccid() { Ok(cccid) => println!("CCCID: {:?}", cccid), Err(Error::NotFound) => println!("No CCCID present"), Err(e) => return Err(e), } Ok(()) } ``` -------------------------------- ### Query Remaining PIN Retries Source: https://context7.com/iqlusioninc/yubikey.rs/llms.txt Retrieves the number of remaining PIN verification attempts before the PIN is locked. ```rust use yubikey::{YubiKey, Error}; fn main() -> Result<(), Error> { let mut yubikey = YubiKey::open()?; let retries = yubikey.get_pin_retries()?; println!("{} PIN retries remaining", retries); Ok(()) } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.