Man page - yubihsm-shell(1)
Packages contains this manual
Manual
YUBIHSM-SHELL
NAMESYNOPSIS
DESCRIPTION
NAME
yubihsm-shell - manual page for yubihsm-shell 2.6.0
SYNOPSIS
yubihsm-shell [ OPTION ]...
DESCRIPTION
-h , --help
Print help and exit
-V , --version
Print version and exit
-a , --action = ENUM
Action to perform (possible values="benchmark", "blink-device", "create-otp-aead", "decrypt-aesccm", "decrypt-aescbc", "decrypt-aesecb", "decrypt-oaep", "decrypt-otp", "decrypt-pkcs1v15", "delete-object", "derive-ecdh", "encrypt-aesccm", "encrypt-aescbc", "encrypt-aesecb", "generate-asymmetric-key", "generate-hmac-key", "generate-otp-aead-key", "generate-wrap-key", "generate-symmetric-key", "get-device-info", "get-logs", "get-object-info", "get-opaque", "get-option", "get-pseudo-random", "get-public-key", "get-storage-info", "get-template", "get-wrapped", "get-rsa-wrapped", "get-rsa-wrapped-key", "get-device-pubkey", "list-objects", "put-asymmetric-key", "put-authentication-key", "put-hmac-key", "put-opaque", "put-option", "put-otp-aead-key", "put-symmetric-key", "put-template", "put-wrap-key", "put-rsa-wrapkey", "put-public-wrapkey", "put-wrapped", "put-rsa-wrapped", "put-rsa-wrapped-key", "randomize-otp-aead", "reset", "set-log-index", "sign-attestation-certificate", "sign-ecdsa", "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss", "sign-ssh-certificate")
-p , --password = STRING
Authentication password
--authkey = INT
Authentication key (default=β1β)
-i , --object-id = SHORT
Object ID (default=β0β)
-l , --label = STRING
Object label (default=ββ)
-d , --domains = STRING
Object domains (default=β1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16β)
-c , --capabilities = STRING
Capabilities for an object (default=β0β)
-t , --object-type = STRING
Object type (default=βanyβ)
-y , --ykhsmauth-label = STRING
Credential label on YubiKey (implicitly enables ykhsmauth)
-r , --ykhsmauth-reader = STRING Only use a matching YubiKey reader name
(default=ββ)
--delegated = STRING
Delegated capabilities (default=β0β)
--new-password = STRING
New authentication password
-A , --algorithm = STRING
Operation algorithm (default=βanyβ)
--oaep = STRING
OAEP algorithm. Used primarily with asymmetric wrap (default=βrsa-oaep-sha256β)
--mgf1 = STRING
MGF1 algorithm. Used primarily with asymmetric wrap (default=βmgf1-sha256β)
--nonce = INT
OTP nonce
--iv = STRING
An initialization vector as a hexadecimal string
--count = INT
Number of bytes to request (default=β256β)
--duration = INT
Blink duration in seconds (default=β10β)
--wrap-id = INT
Wrap key ID
--include-seed
Include seed when exporting an ED25519 key under wrap (default=off)
--template-id = INT
Template ID
--attestation-id = INT
Attestation ID
--log-index = INT
Log index
--opt-name = STRING
Device option name
--opt-value = STRING
Device option value
--in = STRING
Input data (filename) (default=β-β)
--out = STRING
Output data (filename) (default=β-β)
--informat = ENUM
Input format (possible values="default", "base64", "binary", "PEM", "password", "hex", "ASCII" default=βdefaultβ)
--outformat = ENUM
Input and output format (possible values="default", "base64", "binary", "PEM", "hex", "ASCII" default=βdefaultβ)
-f , --config-file = STRING
Configuration file to read (default=ββ)
-C , --connector = STRING
List of connectors to use
--cacert = STRING
HTTPS cacert for connector
--cert = STRING
HTTPS client certificate to authenticate with
--key = STRING
HTTPS client certificate key
--proxy = STRING
Proxy server to use for connector
--noproxy = STRING
Comma separated list of hosts ignore proxy for
-v , --verbose = INT
Print more information (default=β0β)
-P , --pre-connect
Connect immediately in interactive mode (default=off)
--device-pubkey = STRING
List of device public keys allowed for asymmetric authentication