yubico-piv-tool -a read-certificate -s <slot> [ -o cert.pem ] yubico-piv-tool -a verify-pin -a test-signature -s <slot> [ -P <PIN code> -i cert.pem ]
Tests signing functions.
test-signature
and test-decipher
are actions that require verifying the PIN code or the fingerprint if the YubiKey
supports Bio verification, which has to be done in an action that must take place before the generation action,
otherwise the tests will fail. Use -a verify-pin
to verify the PIN and -a verify-bio
for fingerprint verification.
Performing the test will require the certificate stored on the slot to test. This is done using the "read-certificate" action first.
Parameter |
Required |
Optional |
Description |
Possible values |
Default value |
-s, --slot |
X |
What key slot to operate on |
9a, 9c, 9d, 9e, 82, 83, 84, 85, 86, 87, 88, 89, 8a, 8b, 8c, 8d, 8e, 8f, 90, 91, 92, 93, 94, 95, f9 |
||
-P, --pin |
X |
Pin/puk code for verification, if omitted pin/puk will be asked for |
|||
-i, --input |
X |
Filename to use as input. If left out, input will be read from Stdin |
None or file name |
Stdin |
|
-o, --output |
X |
Filename to use as output. If left out, output will be printed to Stdout |
None or file name |
Stdout |
yubico-piv-tool -a read-certificate -s 9a -----BEGIN CERTIFICATE----- MIIBuTCCAWCgAwIBAgIJAMOZXtijzEepMAoGCCqGSM49BAMCMDgxETAPBgNVBAMM CHBpdl9hdXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTAe Fw0xOTA4MTMwODEwNDVaFw0yMDA4MTIwODEwNDVaMDgxETAPBgNVBAMMCHBpdl9h dXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABKPfSKeNY204JiHsSUwDAV8GuYqZOHfJJxrT4E0q VWsKdC5zwRc7xvb2YgbMonPW5BfIUi766/VwWN54UsqWVuWjUzBRMB0GA1UdDgQW BBR/bpCmGr+ark0VbGX5UvYWy9dM9DAfBgNVHSMEGDAWgBR/bpCmGr+ark0VbGX5 UvYWy9dM9DAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIHZZe7Xm s6y8LKEBqGnbr1cbniHgMrvM1ST6GpL27HuaAiB+UwjI21GxIsd5r2avmwvT5LeZ gQBns9KNCIgkwx+/Iw== -----END CERTIFICATE-----
yubico-piv-tool -a verify-pin -a test-signature -s 9a Enter PIN: Successfully verified PIN. Please paste the certificate to verify against... -----BEGIN CERTIFICATE----- MIIBuTCCAWCgAwIBAgIJAMOZXtijzEepMAoGCCqGSM49BAMCMDgxETAPBgNVBAMM CHBpdl9hdXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTAe Fw0xOTA4MTMwODEwNDVaFw0yMDA4MTIwODEwNDVaMDgxETAPBgNVBAMMCHBpdl9h dXRoMQ0wCwYDVQQLDAR0ZXN0MRQwEgYDVQQKDAtleGFtcGxlLmNvbTBZMBMGByqG SM49AgEGCCqGSM49AwEHA0IABKPfSKeNY204JiHsSUwDAV8GuYqZOHfJJxrT4E0q VWsKdC5zwRc7xvb2YgbMonPW5BfIUi766/VwWN54UsqWVuWjUzBRMB0GA1UdDgQW BBR/bpCmGr+ark0VbGX5UvYWy9dM9DAfBgNVHSMEGDAWgBR/bpCmGr+ark0VbGX5 UvYWy9dM9DAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0cAMEQCIHZZe7Xm s6y8LKEBqGnbr1cbniHgMrvM1ST6GpL27HuaAiB+UwjI21GxIsd5r2avmwvT5LeZ gQBns9KNCIgkwx+/Iw== -----END CERTIFICATE----- Successful ECDSA verification.
It is also possible to combine the commands above into one single command (notice the order of the actions):
yubico-piv-tool -a read-certificate -a verify-pin -a test-signature -s 9a -o cert.pem -i cert.pem Enter PIN: Successfully verified PIN. Successful ECDSA verification.