Useful commands for keypair generation
General steps
Generate a "fake" (self-signed) certificate
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 36500 -nodes
Extract the public key
openssl x509 -inform pem -in cert.pem -pubkey -noout
Storing on a Yubikey

The Yubikey has to be enabled to store certificates; see YubikeySigning.
Convert to PFX (for Yubikey storage)
openssl pkcs12 -inkey key.pem -in cert.pem -export -out yubikey.pfx
Store in a Yubikey
yubico-piv-tool -s 9c -i yubikey.pfx -K PKCS12 -p test -a set-chuid -a import-key -a import-cert
--
HerveRousseau - 2017-01-26
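
The openssl steps above as one non-interactive script, with a check that key.pem, cert.pem and yubikey.pfx all carry the same public key before anything is imported into the Yubikey. This is an added example, not part of the original page; the subject /CN=yubikey-test, the PFX_PASS variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: the page's openssl commands plus a consistency check.
# Assumed names (not from the page): /CN=yubikey-test, PFX_PASS,
# make_keypair, check_keypair.

umask 077   # -nodes writes the private key unencrypted: keep files owner-only

make_keypair() {   # $1 = output directory
    dir=$1
    # Same command as on the page; -subj only replaces the interactive prompts.
    openssl req -x509 -newkey rsa:2048 -keyout "$dir/key.pem" \
        -out "$dir/cert.pem" -days 36500 -nodes \
        -subj "/CN=yubikey-test" || return 1
    # PKCS#12 export; the passphrase is read from the environment, not argv.
    openssl pkcs12 -inkey "$dir/key.pem" -in "$dir/cert.pem" -export \
        -out "$dir/yubikey.pfx" -passout env:PFX_PASS || return 1
}

check_keypair() {  # $1 = directory; succeeds only if all three public keys agree
    dir=$1
    from_key=$(openssl pkey -in "$dir/key.pem" -pubout) || return 1
    from_cert=$(openssl x509 -inform pem -in "$dir/cert.pem" -pubkey -noout) || return 1
    from_pfx=$(openssl pkcs12 -in "$dir/yubikey.pfx" -passin env:PFX_PASS -nokeys \
        | openssl x509 -pubkey -noout) || return 1
    [ "$from_key" = "$from_cert" ] && [ "$from_cert" = "$from_pfx" ]
}

PFX_PASS=${PFX_PASS:-constructed-demo-passphrase}   # constructed sample value
export PFX_PASS
workdir=$(mktemp -d)
if make_keypair "$workdir" && check_keypair "$workdir"; then
    echo "key.pem, cert.pem and yubikey.pfx carry the same public key"
else
    echo "keypair generation or consistency check failed" >&2
fi
rm -rf "$workdir"   # remove the unencrypted key material when done
```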