Commands

This section contains a list of the commands supported by the YubiHSM 2.

The low-level format for each command message and the relative response is provided, together with an example of how that command can be used within the yubihsm-shell.

The numerical codes corresponding to each command are provided below:

Command Name

Hex Value

Echo

0x01

Create Session

0x03

Authenticate Session

0x04

Session Message

0x05

Get Device Info

0x06

Reset Device

0x08

Get Device Pubkey

0x0a

Close Session

0x40

Get Storage Info

0x41

Put Opaque

0x42

Get Opaque

0x43

Put Authentication Key

0x44

Put Asymmetric Key

0x45

Generate Asymmetric Key

0x46

Sign Pkcs1

0x47

List Objects

0x48

Decrypt Pkcs1

0x49

Export Wrapped

0x4a

Import Wrapped

0x4b

Put Wrap Key

0x4c

Get Log Entries

0x4d

Get Object Info

0x4e

Set Option

0x4f

Get Option

0x50

Get Pseudo Random

0x51

Put Hmac Key

0x52

Sign Hmac

0x53

Get Public Key

0x54

Sign Pss

0x55

Sign Ecdsa

0x56

Derive Ecdh

0x57

Delete Object

0x58

Decrypt Oaep

0x59

Generate Hmac Key

0x5a

Generate Wrap Key

0x5b

Verify Hmac

0x5c

Sign Ssh Certificate

0x5d

Put Template

0x5e

Get Template

0x5f

Decrypt Otp

0x60

Create Otp Aead

0x61

Randomize Otp Aead

0x62

Rewrap Otp Aead

0x63

Sign Attestation Certificate

0x64

Put Otp Aead Key

0x65

Generate Otp Aead Key

0x66

Set Log Index

0x67

Wrap Data

0x68

Unwrap Data

0x69

Sign Eddsa

0x6a

Blink Device

0x6b

Change Authentication Key

0x6c

Put Symmetric Key

0x6d

Generate Symmetric key

0x6e

Decrypt AES ECB

0x6f

Encrypt AES ECB

0x70

Decrypt AES CBC

0x71

Encrypt AED CBC

0x72