yubihsm-shell - Man Page

manual page for yubihsm-shell 2.2.0


yubihsm-shell [OPTION]...


-h,  --help

Print help and exit


Print help, including hidden options, and exit

-V,  --version

Print version and exit

-a,  --action=ENUM

Action to perform  (possible values="benchmark", "blink-device", "create-otp-aead", "decrypt-aesccm", "decrypt-oaep", "decrypt-otp", "decrypt-pkcs1v15", "delete-object", "derive-ecdh", "encrypt-aesccm", "generate-asymmetric-key", "generate-hmac-key", "generate-otp-aead-key", "generate-wrap-key", "get-device-info", "get-logs", "get-object-info", "get-opaque", "get-pseudo-random", "get-public-key", "get-storage-info", "get-template", "get-wrapped", "get-device-pubkey", "list-objects", "put-asymmetric-key", "put-authentication-key", "put-hmac-key", "put-opaque", "put-otp-aead-key", "put-template", "put-wrap-key", "put-wrapped", "randomize-otp-aead", "reset", "set-log-index", "set-option", "sign-attestation-certificate", "sign-ecdsa", "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss", "sign-ssh-certificate")

-p,  --password=STRING

Authentication password


Authentication key  (default=`1')

-i,  --object-id=SHORT

Object ID  (default=`0')

-l,  --label=STRING

Object label  (default=`')

-d,  --domains=STRING

Object domains (default=`1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16')

-c,  --capabilities=STRING

Capabilities for an object  (default=`0')

-t,  --object-type=STRING

Object type


Credential label on YubiKey (implicitly enables ykhsmauth)


Delegated capabilities  (default=`0')


New authentication password

-A,  --algorithm=STRING

Operation algorithm


OTP nonce


Number of bytes to request  (default=`256')


Blink duration in seconds  (default=`10')


Wrap key ID


Template ID


Attestation ID


Log index


Input data (filename)  (default=`-')


Output data (filename)  (default=`-')


Input format  (possible values="default", "base64", "binary", "PEM", "password", "hex", "ASCII" default=`default')


Input and output format  (possible values="default", "base64", "binary", "PEM", "hex", "ASCII" default=`default')

-f,  --config-file=STRING

Configuration file to read  (default=`')

-C,  --connector=STRING

List of connectors to use


HTTPS cacert for connector


Proxy server to use for connector

-v,  --verbose=INT

Print more information  (default=`0')

-P,  --pre-connect

Connect immediately in interactive mode (default=off)


April 2021 yubihsm-shell 2.2.0