1. Home
  2. yubihsm-shell
  3. Manuals
  4. yubihsm-shell.1

    SYNOPSIS

    yubihsm-shell [OPTION]…

    OPTIONS

    -h, --help

    Print help and exit

    --full-help

    Print help, including hidden options, and exit

    -V, --version

    Print version and exit

    -a, --action=ENUM

    Action to perform (possible values="benchmark", "blink-device", "create-otp-aead", "decrypt-aesccm", "decrypt-oaep", "decrypt-otp", "decrypt-pkcs1v15", "delete-object", "derive-ecdh", "encrypt-aesccm", "generate-asymmetric-key", "generate-hmac-key", "generate-otp-aead-key", "generate-wrap-key", "get-device-info", "get-logs", "get-object-info", "get-opaque", "get-option", "get-pseudo-random", "get-public-key", "get-storage-info", "get-template", "get-wrapped", "get-device-pubkey", "list-objects", "put-asymmetric-key", "put-authentication-key", "put-hmac-key", "put-opaque", "put-option", "put-otp-aead-key", "put-template", "put-wrap-key", "put-wrapped", "randomize-otp-aead", "reset", "set-log-index", "sign-attestation-certificate", "sign-ecdsa", "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss", "sign-ssh-certificate")

    -p, --password=STRING

    Authentication password

    --authkey=INT

    Authentication key (default=‘1’)

    -i, --object-id=SHORT

    Object ID (default=‘0’)

    -l, --label=STRING

    Object label (default=`')

    -d, --domains=STRING

    Object domains (default=‘1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16’)

    -c, --capabilities=STRING

    Capabilities for an object (default=‘0’)

    -t, --object-type=STRING

    Object type

    --ykhsmauth-label=STRING

    Credential label on YubiKey (implicitly enables ykhsmauth)

    --delegated=STRING

    Delegated capabilities (default=‘0’)

    --new-password=STRING

    New authentication password

    -A, --algorithm=STRING

    Operation algorithm

    --nonce=INT

    OTP nonce

    --count=INT

    Number of bytes to request (default=‘256’)

    --duration=INT

    Blink duration in seconds (default=‘10’)

    --wrap-id=INT

    Wrap key ID

    --template-id=INT

    Template ID

    --attestation-id=INT

    Attestation ID

    --log-index=INT

    Log index

    --opt-name=STRING

    Device option name

    --opt-value=STRING

    Device option value

    --in=STRING

    Input data (filename) (default=‘-’)

    --out=STRING

    Output data (filename) (default=‘-’)

    --informat=ENUM

    Input format (possible values="default", "base64", "binary", "PEM", "password", "hex", "ASCII" default=‘default’)

    --outformat=ENUM

    Input and output format (possible values="default", "base64", "binary", "PEM", "hex", "ASCII" default=‘default’)

    -f, --config-file=STRING

    Configuration file to read (default=`')

    -C, --connector=STRING

    List of connectors to use

    --cacert=STRING

    HTTPS cacert for connector

    --proxy=STRING

    Proxy server to use for connector

    -v, --verbose=INT

    Print more information (default=‘0’)

    -P, --pre-connect

    Connect immediately in interactive mode (default=off)