diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 7b5e0a0..4147c38 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,6 +1,6 @@
 package me.hatter.tools.yubikeyca;
-import com.alibaba.fastjson.JSONObject;
+import me.hatter.tools.commons.collection.Tuple2;
 import me.hatter.tools.commons.log.LogConfig;
 import me.hatter.tools.commons.log.LogTool;
 import me.hatter.tools.commons.log.LogTools;
@@ -74,8 +74,8 @@ public class YubikeyCaMain {
 final X509Certificate intermediateCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
- final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.signSlot);
- final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
+ final Tuple2 signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
+ final String signAlgorithm = signPivPublicKey.getVal1();
 final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
@@ -117,10 +117,9 @@ public class YubikeyCaMain {
 final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);
- final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.certSlot);
- final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
- final String certPublicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
- final PublicKey certPublicKey = KeyUtil.parsePublicKeyPEM(certPublicKeyPem);
+ final Tuple2 certPivPublicKey = CardCliUtil.getPivPublicKey(args.certSlot);
+ final String signAlgorithm = certPivPublicKey.getVal1();
+ final PublicKey certPublicKey = certPivPublicKey.getVal2();
 final String cardCliCmd = CardCliUtil.getCardCliCmd();
 final X509Certificate intermediateCa = CertificateAuthority.instance()
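Review bot: In the `@@ -74,8 +74,8 @@` hunk the sign slot's public key is now fetched by `getPivPublicKey(args.signSlot)` and then dropped, although `intermediateCertificate` is in scope just above. If that certificate is the issuer for what `args.signSlot` signs (the enclosing method starts and ends outside the hunk, so this is inferred), a mismatch between `args.signSlot` and `args.intermediateCaId` would produce certificates that do not chain to the intermediate and would only be noticed at validation time. Comparing the two keys before signing closes that gap: `if (!java.util.Arrays.equals(signPivPublicKey.getVal2().getEncoded(), intermediateCertificate.getPublicKey().getEncoded())) throw new IllegalStateException("Sign slot key does not match intermediate CA certificate");`.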
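Review bot: In the `@@ -117,10 +117,9 @@` hunk `signAlgorithm` is still read from `args.certSlot`, the slot whose public key is being certified, rather than from the slot that produces the signature. If the signing key (presumably the one matching `rootCertificate`) has a different key type, the certificate would be requested with an algorithm the signer cannot produce. The method continues outside the hunk, so the signing slot is not visible here; if it is `args.signSlot`, `final String signAlgorithm = CardCliUtil.getPivPublicKey(args.signSlot).getVal1();` would separate the two roles. Failing that, a comment such as `// signAlgorithm follows the cert slot key type; assumes the signing key uses the same type` would record the assumption.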
@@ -141,10 +140,9 @@ public class YubikeyCaMain {
 private static void issueRootCa(YubikeyCaArgs args) {
 if (checkCertificateArgs(args)) return;
- final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.signSlot);
- final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
- final String certPublicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
- final PublicKey certPublicKey = KeyUtil.parsePublicKeyPEM(certPublicKeyPem);
+ final Tuple2 signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
+ final String signAlgorithm = signPivPublicKey.getVal1();
+ final PublicKey certPublicKey = signPivPublicKey.getVal2();
 final String cardCliCmd = CardCliUtil.getCardCliCmd();
 final X509Certificate rootCa = CertificateAuthority.instance()
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
index ad85461..6d86d24 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
@@ -5,12 +5,15 @@ import com.alibaba.fastjson.JSONObject;
 import me.hatter.tools.commons.assertion.AssertUtil;
 import me.hatter.tools.commons.bytes.Bytes;
 import me.hatter.tools.commons.collection.CollectionUtil;
+import me.hatter.tools.commons.collection.Tuple2;
 import me.hatter.tools.commons.io.IOUtil;
 import me.hatter.tools.commons.log.LogTool;
 import me.hatter.tools.commons.log.LogTools;
+import me.hatter.tools.commons.security.key.KeyUtil;
 import me.hatter.tools.commons.string.StringUtil;
 import java.nio.charset.StandardCharsets;
+import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
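Review bot: In `issueRootCa` (hunk `@@ -141,10 +140,9 @@`) `certPublicKey` is taken from `signPivPublicKey`, which reads oddly beside the `@@ -117,10 +117,9 @@` hunk, where the certified key comes from `args.certSlot`. Presumably this is intentional because a root certificate is self-signed, but nothing on the visible lines says so. A one-line comment above the assignment, for example `// Self-signed root: the sign slot key is also the certified subject key.`, would keep a later reader from changing it to `args.certSlot`. The method body continues past the end of the hunk.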
@@ -31,6 +34,14 @@ public class CardCliUtil {
 return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
 }
+ public static Tuple2 getPivPublicKey(String slot) {
+ final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
+ final String algorithm = signPivMetaJsonObject.getString("algorithm");
+ final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
+ final PublicKey publicKey = KeyUtil.parsePublicKeyPEM(publicKeyPem);
+ return Tuple2.of(algorithm, publicKey);
+ }
+
 public static JSONObject getPivMeta(String slot) {
 AssertUtil.notEmpty(slot, "Slot cannot be empty.");
 return runCardCliAsJsonObject(Arrays.asList(
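Review bot: `getPivPublicKey` passes whatever `getString("public_key_pem")` returns straight into `KeyUtil.parsePublicKeyPEM` and returns `algorithm` unchecked, so an empty slot or a card-cli response missing either field surfaces as a parser error or a null algorithm at the CA signing call rather than as a clear message. These values come from an external process, so they deserve the same guard `getPivMeta` applies to `slot`: `AssertUtil.notEmpty(algorithm, "PIV slot algorithm is empty: " + slot);` and `AssertUtil.notEmpty(publicKeyPem, "PIV slot public key is empty: " + slot);` before parsing. The method is public and has no Javadoc; a short one stating that value 1 is the card-cli algorithm name and value 2 the parsed slot public key would help, since the `Tuple2` accessors carry no meaning on their own. As shown the return type is a raw `Tuple2`; unless the type arguments were simply lost in rendering, declare them explicitly.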