Merge PR #166

core/src/main/java/com/yubico/yubikit/core/smartcard/scp/SecurityDomainSession.java

@@ -336,8 +336,12 @@ public void deleteKey(KeyRef keyRef, boolean deleteLast) throws ApduException, I
    *
    * <p>Requires off-card entity verification.
    *
+   * <p>If the new key is replacing an existing key with different KVN, the key being replaced can
+   * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+   * that KVN will be deleted.
+   *
    * @param keyRef the KID-KVN pair to assign the new key
-   * @param replaceKvn 0 to generate a new keypair, non-zero to replace an existing KVN
+   * @param replaceKvn if non-zero replace existing key
    * @return the public key from the generated key pair
    */
   public PublicKeyValues.Ec generateEcKey(KeyRef keyRef, int replaceKvn)
@@ -364,9 +368,13 @@ public PublicKeyValues.Ec generateEcKey(KeyRef keyRef, int replaceKvn)
    *
    * <p>Requires off-card entity verification.
    *
+   * <p>If the new key is replacing an existing key with different KVN, the key being replaced can
+   * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+   * that KVN will be deleted.
+   *
    * @param keyRef the KID-KVN pair to assign the new key set, KID must be 1
    * @param keys the key material to import
-   * @param replaceKvn 0 to generate a new keypair, non-zero to replace an existing KVN
+   * @param replaceKvn if non-zero replace existing key
    */
   public void putKey(KeyRef keyRef, StaticKeys keys, int replaceKvn)
       throws ApduException, IOException, BadResponseException {
@@ -410,9 +418,13 @@ public void putKey(KeyRef keyRef, StaticKeys keys, int replaceKvn)
    *
    * <p>Requires off-card entity verification.
    *
+   * <p>If the new key is replacing an existing key with different KVN, the key being replaced can
+   * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+   * that KVN will be deleted.
+   *
    * @param keyRef the KID-KVN pair to assign the new secret key, KID must be 0x11, 0x13, or 0x15
    * @param secretKey a private EC key used to authenticate the SD
-   * @param replaceKvn 0 to generate a new keypair, non-zero to replace an existing KVN
+   * @param replaceKvn if non-zero replace existing key
    */
   public void putKey(KeyRef keyRef, PrivateKeyValues secretKey, int replaceKvn)
       throws ApduException, IOException, BadResponseException {
@@ -454,9 +466,13 @@ public void putKey(KeyRef keyRef, PrivateKeyValues secretKey, int replaceKvn)
    *
    * <p>Requires off-card entity verification.
    *
+   * <p>If the new key is replacing an existing key with different KVN, the key being replaced can
+   * be specified via the replaceKvn parameter. When this value is non-zero, the existing key with
+   * that KVN will be deleted.
+   *
    * @param keyRef the KID-KVN pair to assign the new public key
    * @param publicKey a public EC key used as CA to authenticate the off-card entity
-   * @param replaceKvn 0 to generate a new keypair, non-zero to replace an existing KVN
+   * @param replaceKvn if non-zero replace existing key
    */
   public void putKey(KeyRef keyRef, PublicKeyValues publicKey, int replaceKvn)
       throws ApduException, IOException, BadResponseException {

piv/src/main/java/com/yubico/yubikit/piv/PivSession.java

@@ -1418,8 +1418,7 @@ public void moveKey(Slot sourceSlot, Slot destinationSlot) throws IOException, A
    * Delete key from slot. This method requires authentication with management key {@link
    * #authenticate}.
    *
-   * @param slot Slot to delete key from. It is not possible to delete key from {@link
-   *     Slot#ATTESTATION}
+   * @param slot Slot to delete key from.
    * @throws IOException in case of connection error
    * @throws ApduException in case of an error response from the YubiKey
    * @see Slot