The following issues are known to affect the current release.
VM USB redirection may function inconsistently, particularly in Windows environments.
yubihsm-shell utility is limited to reading 4096 bytes in a single command.
Yubihsm-shell when invoked in Command-Line mode (CLI) does not implement the following commands (actions):
Restore for non-shared Wrap Keys is currently not supported in
Attestation currently does not support ed25519 keys.
yubihsm-wrap correctly wraps the following Object Types:
The tool uses a catch-all for the rest which may not be correct.
The PKCS#11 module only supports symmetric encryption with
CKA_ID can only be two bytes long on the device and is therefore truncated to that length
CKA_LABEL is maximum 40 bytes
C_InitToken() are not supported. Equivalent operations have to be done through other interfaces (e.g.,
C_CopyObject() is not supported. Objects are never modifiable after creation
C_SetAttributeValue() can only be used to set the same
CKA_LABEL on an object, not to change it. No other use of
C_SetAttributeValue() is supported.
EdDSA signing, including Ed22519, is limited to the size of one message to the YubiHSM: 2019 bytes.