CHANGE AUTHENTICATION KEY

Change an Authentication Key.

Description

Replace the Authentication Key used to establish the current Session. It is not possible to modify any of the metadata connected to the Object such as Domains or Capabilities. Only the payload data of the Object (i.e., the long-lived symmetric keys) will be modified.

The same PBKDF2 derivation scheme described in Session is available, so the new Encryption Key and MAC Key can be derived from a password instead of being supplied directly.

Shell Example

Change the current Authentication Key, deriving its new keys from the password newpassword:

yubihsm> change authkey 0 1 newpassword
Changed Authentication key 0x0001

Protocol Details

Command

Tc = 0x6c

Lc = 2 + 1 + 16 + 16

Vc = I || A || Ke || Km

Replace the currently used Authentication Key with a new set of keys.

I := Object ID of the Authentication Key (2 bytes)

A := Algorithm (1 byte)

Ke := Encryption Key (16 bytes)

Km := Mac Key (16 bytes)

Response

Tr = 0xec

Lr = 2

Vr = I

I := Object ID of the changed Object (2 bytes)
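The following is an added example (not code from the original page or from Yubico) that encodes the Command frame above from a password-derived Ke || Km and checks the Response. It assumes the one-byte Tc / two-byte big-endian Lc framing used by the other commands, the Session chapter's PBKDF2 parameters (here assumed to be HMAC-SHA256, salt "Yubico", 10000 iterations) and an Algorithm value of 38 for a password-derived Authentication Key; it builds only the inner command, without the session-layer encryption and MAC described in Session.

```python
import hashlib
import struct

# Command and response type bytes as given on this page.
TC_CHANGE_AUTHKEY = 0x6C
TR_CHANGE_AUTHKEY = 0xEC

# Assumed values (not stated on this page): PBKDF2 parameters from the
# Session chapter and the Algorithm identifier for a password-derived
# Authentication Key. Verify both against the device documentation.
PBKDF2_SALT = b"Yubico"
PBKDF2_ITERATIONS = 10000
ALGO_AES128_YUBICO_AUTH = 38


def derive_auth_keys(password: str) -> tuple:
    """Derive (Ke, Km): 32 bytes of PBKDF2-HMAC-SHA256, split into the
    16-byte Encryption Key and the 16-byte MAC Key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   PBKDF2_SALT, PBKDF2_ITERATIONS, dklen=32)
    return material[:16], material[16:]


def build_change_authkey(object_id: int, algorithm: int, ke: bytes, km: bytes) -> bytes:
    """Encode Tc || Lc || Vc with Vc = I || A || Ke || Km (Lc = 35)."""
    if not 0 <= object_id <= 0xFFFF:
        raise ValueError("object ID must fit in 2 bytes")
    if len(ke) != 16 or len(km) != 16:
        raise ValueError("Ke and Km must each be exactly 16 bytes")
    vc = struct.pack(">HB", object_id, algorithm) + ke + km
    assert len(vc) == 2 + 1 + 16 + 16  # Lc from the page
    return struct.pack(">BH", TC_CHANGE_AUTHKEY, len(vc)) + vc


def parse_change_authkey_response(frame: bytes) -> int:
    """Check Tr and Lr, then return I, the Object ID of the changed Object."""
    if len(frame) < 3 or frame[0] != TR_CHANGE_AUTHKEY:
        raise ValueError("not a CHANGE AUTHENTICATION KEY response")
    (lr,) = struct.unpack(">H", frame[1:3])
    if lr != 2 or len(frame) != 3 + lr:
        raise ValueError("unexpected response length")
    return struct.unpack(">H", frame[3:5])[0]


if __name__ == "__main__":
    ke, km = derive_auth_keys("newpassword")  # password from the shell example
    print(build_change_authkey(1, ALGO_AES128_YUBICO_AUTH, ke, km).hex())
    # Constructed response frame, as the device would answer for ID 0x0001.
    print(hex(parse_change_authkey_response(bytes([0xEC, 0x00, 0x02, 0x00, 0x01]))))
```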