def generate_rsa_key(self, key_slot, key_size, timestamp=None):
"""Requires Admin PIN verification."""
if (4, 2, 0) <= self.version < (4, 3, 5):
raise NotSupportedError(
"RSA key generation not supported on this YubiKey")
if timestamp is None:
timestamp = int(time.time())
neo = self.version < (4, 0, 0)
if not neo:
attributes = _format_rsa_attributes(key_size)
self._put_data(key_slot.key_id, attributes)
elif key_size != 2048:
raise ValueError("Unsupported key size!")
resp = self._app.send_apdu(0, INS.GENERATE_ASYM, 0x80, 0x00,
key_slot.crt)
data = Tlv.parse_dict(Tlv.unpack(0x7F49, resp))
numbers = rsa.RSAPublicNumbers(bytes2int(data[0x82]),
bytes2int(data[0x81]))
self._put_data(key_slot.gen_time, struct.pack(">I", timestamp))
# TODO: Calculate and write fingerprint
return numbers.public_key(default_backend())
def test_bytes2int(self):
self.assertEqual(0x57, bytes2int(b"\x57"))
self.assertEqual(0x1234, bytes2int(b"\x12\x34"))
self.assertEqual(0xCAFED00D, bytes2int(b"\xca\xfe\xd0\x0d"))