#!/bin/bash
echo "Scanning YubiKey slots for SSH keys..."
echo "---------------------------------------------------"

# Loop through the slots that support SSH keys
for SLOT in 9a 9c 9d 9e; do
    # Try to export the key to a temp file
    if ykman piv keys export $SLOT /tmp/yubi_tmp.pem > /dev/null 2>&1; then
        echo -e "\033[0;32mFOUND KEY IN SLOT $SLOT:\033[0m"
        
        # Check if there is a certificate label
        LABEL=$(ykman piv certificates export $SLOT - 2>/dev/null | openssl x509 -noout -subject 2>/dev/null)
        if [ ! -z "$LABEL" ]; then
            echo "Certificate Label: $LABEL"
        fi

        # Convert to SSH format and print
        ssh-keygen -i -m PKCS8 -f /tmp/yubi_tmp.pem
        echo "---------------------------------------------------"
        rm /tmp/yubi_tmp.pem
    fi
done