Complete the mutual authentication process started with Create Session.


Finish the Session negotiation and authenticate the Session to the device. After this command completes successfully, the Session is authenticated and can be used.

Shell Example

Create a new Session with Authentication Key 1 using the password "password". This performs both the creation and authentication steps:

yubihsm> session open 1 password
Created session 0

Protocol Details


Tc = 0x04

Lc = 17

Vc = S || B || M

S := Session ID (1 byte)

B := Host Cryptogram (8 bytes)

M := CMAC(S-MAC, 0^16 || T || Lc + 8 || S || B) (8 bytes)

This is the first authenticated message in the chain.

The device verifies M and B, both using S-MAC.


Tr = 0x84

Lr = 0

Vr = Ø
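
The command layout above, built and checked in Python as an added example (not Yubico's code; the function names are hypothetical). It assumes the `cryptography` package, a 2-byte big-endian length field that is also the value fed to the CMAC, a leading MAC-input term of 16 zero bytes, and M being the first 8 bytes of the 16-byte CMAC; S-MAC and B are taken as inputs because this page does not describe how they are derived.

```python
import hmac
import struct

from cryptography.hazmat.primitives.ciphers.algorithms import AES
from cryptography.hazmat.primitives.cmac import CMAC

T_AUTHENTICATE_SESSION = 0x04  # Tc from the page
MAC_LEN = 8                    # M is 8 bytes


def aes_cmac(key: bytes, data: bytes) -> bytes:
    """Full 16-byte AES-CMAC of data under key."""
    c = CMAC(AES(key))
    c.update(data)
    return c.finalize()


def build_authenticate_session(s_mac: bytes, session_id: int, host_cryptogram: bytes):
    """Return (wire_bytes, full_cmac) for Tc || Lc || S || B || M."""
    if len(host_cryptogram) != 8:
        raise ValueError("host cryptogram B must be 8 bytes")
    body = bytes([session_id]) + host_cryptogram  # S || B
    # Assumption: length is 2 bytes big-endian and already counts M (1 + 8 + 8 = 17).
    header = struct.pack(">BH", T_AUTHENTICATE_SESSION, len(body) + MAC_LEN)
    full = aes_cmac(s_mac, bytes(16) + header + body)  # 16 zero bytes || T || L || S || B
    return header + body + full[:MAC_LEN], full


def verify_authenticate_session(s_mac: bytes, wire: bytes) -> bool:
    """Device-side check of M only; checking B needs inputs this page does not give."""
    if len(wire) != 20:
        return False
    t, length = struct.unpack(">BH", wire[:3])
    if t != T_AUTHENTICATE_SESSION or length != 17:
        return False
    expected = aes_cmac(s_mac, bytes(16) + wire[:12])[:MAC_LEN]
    return hmac.compare_digest(expected, wire[12:])  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample values, not captured from a device.
    s_mac = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    wire, _ = build_authenticate_session(s_mac, 0, bytes(range(8)))
    print(wire.hex(), verify_authenticate_session(s_mac, wire))
```
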