PIV Module

The PIV module provides an implementation of the Personal Identity Verification (PIV) interface specified in the NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This standard specifies how to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common interfaces, such as PKCS#11.

The PIV module requires at minimum Java 7 or Android 4.4. Future versions may require a later baseline. Anything lower than Android 8.0 may receive less testing by Yubico.

Integration Steps

Download

Gradle:

dependencies {
  // core library, connection detection, and raw command communication with YubiKey
  // (double quotes so that Groovy interpolates $yubikitVersion)
  implementation "com.yubico.yubikit:yubikit:$yubikitVersion"
  // PIV
  implementation "com.yubico.yubikit:piv:$yubikitVersion"
}

Then set the latest version in gradle.properties. Example:

yubikitVersion=1.0.0-beta05

Maven:

<dependency>
  <groupId>com.yubico.yubikit</groupId>
  <artifactId>yubikit</artifactId>
  <version>1.0.0-beta05</version>
</dependency>

<dependency>
  <groupId>com.yubico.yubikit</groupId>
  <artifactId>piv</artifactId>
  <version>1.0.0-beta05</version>
</dependency>

Using Library

The PIV module requires the yubikit core library to detect a YubikeySession (see Using YubiKit). Use this session to create a PivApplication, which selects the PIV applet on the YubiKey.

    PivApplication application = new PivApplication(session);
    // run provided command/operation (generateKey/putCertificate/sign/etc)
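
An added example (not from the yubikit project, and not using its API) of how an RSA signature is split at the PIV interface: the host hashes and pads the message, the card applies only the private-key operation, and a relying party verifies with the certificate's public key. The software key pair stands in for a slot key that would never leave the YubiKey; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class PivRsaSignSketch {
    // DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
    private static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Host side: EMSA-PKCS1-v1_5 block 00 01 FF..FF 00 || DigestInfo || hash
    static byte[] padForCard(byte[] message, int modulusBytes) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(message);
        byte[] block = new byte[modulusBytes];            // block[0] stays 0x00
        int tLen = SHA256_PREFIX.length + hash.length;
        block[1] = 0x01;
        Arrays.fill(block, 2, modulusBytes - tLen - 1, (byte) 0xff);
        System.arraycopy(SHA256_PREFIX, 0, block, modulusBytes - tLen, SHA256_PREFIX.length);
        System.arraycopy(hash, 0, block, modulusBytes - hash.length, hash.length);
        return block;
    }

    // Stand-in for the card: raw RSA private-key operation, no padding logic
    static byte[] cardPrivateKeyOp(PrivateKey key, byte[] block) throws GeneralSecurityException {
        Cipher raw = Cipher.getInstance("RSA/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        return raw.doFinal(block);
    }

    // Relying party: ordinary verification with the public key from the slot certificate
    static boolean verify(PublicKey pub, byte[] message, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(message);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair softwareKey = gen.generateKeyPair();      // constructed stand-in for a slot key
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = cardPrivateKeyOp(softwareKey.getPrivate(), padForCard(msg, 256));
        System.out.println("untouched signature verifies: " + verify(softwareKey.getPublic(), msg, sig));
        sig[10] ^= 0x01;                                  // flip one bit of the signature
        System.out.println("tampered signature verifies: " + verify(softwareKey.getPublic(), msg, sig));
    }
}
```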
    

Using the Demo Application

  1. Run the demo app.
  2. Select the "PIV demo" pivot in the navigation drawer.
  3. Plug in the YubiKey and check the current certificates. You can generate a new key and sign data with that key.

Note: The current demo doesn't allow importing certificates from a file. Instead, it emulates an import from a pre-defined asset file and exports to a local cache file. Use the cache file to import a certificate into another slot.

Additional Resources