yubico-piv-tool -a verify-pin --sign -s <slot> [ -H <hash algorithm> -A <key algorithm> -i <input data file> -o <signature file> ]
Signs input data
The signing operation requires verifying the PIN code, which is done using the "verify-pin" action
Parameter |
Required |
Optional |
Description |
Possible values |
Default value |
sign |
X |
Sign data |
|||
-s, --slot |
X |
What key slot to operate on |
9a, 9c, 9d, 9e, 82, 83, 84, 85, 86, 87, 88, 89, 8a, 8b, 8c, 8d, 8e, 8f, 90, 91, 92, 93, 94, 95, f9 |
||
-A, --algorithm |
X |
What algorithm to use to generate the key pair |
RSA1024, RSA2048, RSA3072, RSA4096, ECCP256, ECCP384, ED25519 |
RSA2048 |
|
-H, --hash |
X |
Hash to use for signatures |
SHA1, SHA256, SHA384, SHA512 |
SHA256 |
|
-i, --input |
X |
Filename to use as input |
file name or "-" for stdin |
- |
|
-o, --output |
X |
Filename to use as output |
file name or "-" for stdin |
- |
yubico-piv-tool -a verify-pin --sign -s 9c -H SHA512 -A RSA2048 -i data.txt -o data.sig Enter PIN: Successfully verified PIN. Signature successful!
openssl dgst -sha512 -verify pubkey.pem -signature data.sig data.txt Verified OK