This section contains a list of the commands supported by the YubiHSM 2.
The low-level format for each command message and the relative response is provided, together with an example of how that command can be used within the yubihsm-shell.
The numerical codes corresponding to each command are provided below:
Command Name |
Hex Value |
Echo |
0x01 |
Create Session |
0x03 |
Authenticate Session |
0x04 |
Session Message |
0x05 |
Get Device Info |
0x06 |
Reset Device |
0x08 |
Close Session |
0x40 |
Get Storage Info |
0x41 |
Put Opaque |
0x42 |
Get Opaque |
0x43 |
Put Authentication Key |
0x44 |
Put Asymmetric Key |
0x45 |
Generate Asymmetric Key |
0x46 |
Sign Pkcs1 |
0x47 |
List Objects |
0x48 |
Decrypt Pkcs1 |
0x49 |
Export Wrapped |
0x4a |
Import Wrapped |
0x4b |
Put Wrap Key |
0x4c |
Get Log Entries |
0x4d |
Get Object Info |
0x4e |
Set Option |
0x4f |
Get Option |
0x50 |
Get Pseudo Random |
0x51 |
Put Hmac Key |
0x52 |
Sign Hmac |
0x53 |
Get Public Key |
0x54 |
Sign Pss |
0x55 |
Sign Ecdsa |
0x56 |
Derive Ecdh |
0x57 |
Delete Object |
0x58 |
Decrypt Oaep |
0x59 |
Generate Hmac Key |
0x5a |
Generate Wrap Key |
0x5b |
Verify Hmac |
0x5c |
Sign Ssh Certificate |
0x5d |
Put Template |
0x5e |
Get Template |
0x5f |
Decrypt Otp |
0x60 |
Create Otp Aead |
0x61 |
Randomize Otp Aead |
0x62 |
Rewrap Otp Aead |
0x63 |
Sign Attestation Certificate |
0x64 |
Put Otp Aead Key |
0x65 |
Generate Otp Aead Key |
0x66 |
Set Log Index |
0x67 |
Wrap Data |
0x68 |
Unwrap Data |
0x69 |
Sign Eddsa |
0x6a |
Blink Device |
0x6b |
Change Authentication Key |
0x6c |