Test Decryption

yubico-piv-tool -a read-certificate -s <slot> [ -o cert.pem ]
yubico-piv-tool -a verify-pin -a test-decipher -s <slot> [ -P <PIN code> -i cert.pem ]

Description

Tests decryption function.

test-signature and test-decipher are actions that require verifying the PIN code or the fingerprint if the YubiKey supports Bio verification, which has to be done in an action that must take place before the generation action, otherwise the tests will fail. Use -a verify-pin to verify the PIN and -a verify-bio for fingerprint verification.

Performing the test will require the certificate stored on the slot to test. This is done using the "read-certificate" action first.

Parameters

Parameter

Required

Optional

Description

Possible values

Default value

-s, --slot

X

What key slot to operate on

9a, 9c, 9d, 9e, 82, 83, 84, 85, 86, 87, 88, 89, 8a, 8b, 8c, 8d, 8e, 8f, 90, 91, 92, 93, 94, 95, f9

-P, --pin

X

Pin/puk code for verification, if omitted pin/puk will be asked for

-i, --input

X

Filename to use as input. If left out, input will be read from Stdin

None or file name

Stdin

-o, --output

X

Filename to use as output. If left out, output will be printed to Stdout

None or file name

Stdout

Examples

yubico-piv-tool -a read-certificate -s 9a
-----BEGIN CERTIFICATE-----
MIIBuTCCAWCgAwIBAgIJAMOZXtijzEepMAoGCCqGSM49BAMCMDgxETAPBgNVBAMM
CHBpdl9hdXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTAe
Fw0xOTA4MTMwODEwNDVaFw0yMDA4MTIwODEwNDVaMDgxETAPBgNVBAMMCHBpdl9h
dXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABKPfSKeNY204JiHsSUwDAV8GuYqZOHfJJxrT4E0q
VWsKdC5zwRc7xvb2YgbMonPW5BfIUi766/VwWN54UsqWVuWjUzBRMB0GA1UdDgQW
BBR/bpCmGr+ark0VbGX5UvYWy9dM9DAfBgNVHSMEGDAWgBR/bpCmGr+ark0VbGX5
UvYWy9dM9DAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIHZZe7Xm
s6y8LKEBqGnbr1cbniHgMrvM1ST6GpL27HuaAiB+UwjI21GxIsd5r2avmwvT5LeZ
gQBns9KNCIgkwx+/Iw==
-----END CERTIFICATE-----
yubico-piv-tool -a verify-pin -a test-decipher -s 9a
Enter PIN:
Successfully verified PIN.
Please paste the certificate to encrypt for...
-----BEGIN CERTIFICATE-----
MIIBuTCCAWCgAwIBAgIJAMOZXtijzEepMAoGCCqGSM49BAMCMDgxETAPBgNVBAMM
CHBpdl9hdXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTAe
Fw0xOTA4MTMwODEwNDVaFw0yMDA4MTIwODEwNDVaMDgxETAPBgNVBAMMCHBpdl9h
dXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTBZMBMGByqG
SM49AgEGCCqGSM49AwEHA0IABKPfSKeNY204JiHsSUwDAV8GuYqZOHfJJxrT4E0q
VWsKdC5zwRc7xvb2YgbMonPW5BfIUi766/VwWN54UsqWVuWjUzBRMB0GA1UdDgQW
BBR/bpCmGr+ark0VbGX5UvYWy9dM9DAfBgNVHSMEGDAWgBR/bpCmGr+ark0VbGX5
UvYWy9dM9DAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIHZZe7Xm
s6y8LKEBqGnbr1cbniHgMrvM1ST6GpL27HuaAiB+UwjI21GxIsd5r2avmwvT5LeZ
gQBns9KNCIgkwx+/Iw==
-----END CERTIFICATE-----
Successfully performed ECDH exchange with card.

It is also possible to combine the commands above into one single command (notice the order of the actions):

yubico-piv-tool -a read-certificate -a verify-pin -a test-decipher -s 9a -o cert.pem -i cert.pem
Enter PIN:
Successfully verified PIN.
Successfully performed ECDH exchange with card.