I am about to start using my YubiKey 4 (RSA 2048 bit key) for signing application binaries. There are quite a few tutorials about how to set this up. It seems that most tutorials are based on the original Yubico guide (Android, macOS), which confuses me.
When I reviewed the PIV certificate slot information, I came to the conclusion that Slot 9c, Digital Signature, is the correct slot for code signing as I digitally sign the binary with my private key.
However, with e.g. Yubico's Android guide, and many other guides, the selected certificate slot is 9a, which is for PIV Authentication. The slot's usage is to "authenticate the card and the cardholder" against "things like system login", which is clearly a misuse for the usage of code signing.
What is the correct (semantic) slot for a code signing certificate with YubiKey 4's PIV applet? And is there any reason to use/stick with slot 9a?