table of contents
other versions
- bookworm-backports 2.6.0-3~bpo12+1
- testing 2.6.0-3
- unstable 2.6.0-4
| YUBIHSM-SHELL(1) | User Commands | YUBIHSM-SHELL(1) |
NAME¶
yubihsm-shell - manual page for yubihsm-shell 2.6.0
SYNOPSIS¶
yubihsm-shell [OPTION]...
DESCRIPTION¶
- -h, --help
- Print help and exit
- -V, --version
- Print version and exit
- -a, --action=ENUM
- Action to perform (possible values="benchmark", "blink-device", "create-otp-aead", "decrypt-aesccm", "decrypt-aescbc", "decrypt-aesecb", "decrypt-oaep", "decrypt-otp", "decrypt-pkcs1v15", "delete-object", "derive-ecdh", "encrypt-aesccm", "encrypt-aescbc", "encrypt-aesecb", "generate-asymmetric-key", "generate-hmac-key", "generate-otp-aead-key", "generate-wrap-key", "generate-symmetric-key", "get-device-info", "get-logs", "get-object-info", "get-opaque", "get-option", "get-pseudo-random", "get-public-key", "get-storage-info", "get-template", "get-wrapped", "get-rsa-wrapped", "get-rsa-wrapped-key", "get-device-pubkey", "list-objects", "put-asymmetric-key", "put-authentication-key", "put-hmac-key", "put-opaque", "put-option", "put-otp-aead-key", "put-symmetric-key", "put-template", "put-wrap-key", "put-rsa-wrapkey", "put-public-wrapkey", "put-wrapped", "put-rsa-wrapped", "put-rsa-wrapped-key", "randomize-otp-aead", "reset", "set-log-index", "sign-attestation-certificate", "sign-ecdsa", "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss", "sign-ssh-certificate")
- -p, --password=STRING
- Authentication password
- --authkey=INT
- Authentication key (default=`1')
- -i, --object-id=SHORT
- Object ID (default=`0')
- -l, --label=STRING
- Object label (default=`')
- -d, --domains=STRING
- Object domains (default=`1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16')
- -c, --capabilities=STRING
- Capabilities for an object (default=`0')
- -t, --object-type=STRING
- Object type (default=`any')
- -y, --ykhsmauth-label=STRING
- Credential label on YubiKey (implicitly enables ykhsmauth)
- -r, --ykhsmauth-reader=STRING Only use a matching YubiKey reader name
- (default=`')
- --delegated=STRING
- Delegated capabilities (default=`0')
- --new-password=STRING
- New authentication password
- -A, --algorithm=STRING
- Operation algorithm (default=`any')
- --oaep=STRING
- OAEP algorithm. Used primarily with asymmetric wrap (default=`rsa-oaep-sha256')
- --mgf1=STRING
- MGF1 algorithm. Used primarily with asymmetric wrap (default=`mgf1-sha256')
- --nonce=INT
- OTP nonce
- --iv=STRING
- An initialization vector as a hexadecimal string
- --count=INT
- Number of bytes to request (default=`256')
- --duration=INT
- Blink duration in seconds (default=`10')
- --wrap-id=INT
- Wrap key ID
- --include-seed
- Include seed when exporting an ED25519 key under wrap (default=off)
- --template-id=INT
- Template ID
- --attestation-id=INT
- Attestation ID
- --log-index=INT
- Log index
- --opt-name=STRING
- Device option name
- --opt-value=STRING
- Device option value
- --in=STRING
- Input data (filename) (default=`-')
- --out=STRING
- Output data (filename) (default=`-')
- --informat=ENUM
- Input format (possible values="default", "base64", "binary", "PEM", "password", "hex", "ASCII" default=`default')
- --outformat=ENUM
- Input and output format (possible values="default", "base64", "binary", "PEM", "hex", "ASCII" default=`default')
- -f, --config-file=STRING
- Configuration file to read (default=`')
- -C, --connector=STRING
- List of connectors to use
- --cacert=STRING
- HTTPS cacert for connector
- --cert=STRING
- HTTPS client certificate to authenticate with
- --key=STRING
- HTTPS client certificate key
- --proxy=STRING
- Proxy server to use for connector
- --noproxy=STRING
- Comma separated list of hosts ignore proxy for
- -v, --verbose=INT
- Print more information (default=`0')
- -P, --pre-connect
- Connect immediately in interactive mode (default=off)
- --device-pubkey=STRING
- List of device public keys allowed for asymmetric authentication
| December 2024 | yubihsm-shell 2.6.0 |