1YUBIHSM-SHELL(1) User Commands YUBIHSM-SHELL(1)
2
3
4
6 yubihsm-shell - manual page for yubihsm-shell 2.4.1
7
9 yubihsm-shell [OPTION]...
10
12 -h, --help
13 Print help and exit
14
15 --full-help
16 Print help, including hidden options, and exit
17
18 -V, --version
19 Print version and exit
20
21 -a, --action=ENUM
22 Action to perform (possible values="benchmark", "blink-device",
23 "create-otp-aead", "decrypt-aesccm", "decrypt-aescbc", "de‐
24 crypt-aesecb", "decrypt-oaep", "decrypt-otp", "de‐
25 crypt-pkcs1v15", "delete-object", "derive-ecdh", "en‐
26 crypt-aesccm", "encrypt-aescbc", "encrypt-aesecb", "gener‐
27 ate-asymmetric-key", "generate-hmac-key", "gener‐
28 ate-otp-aead-key", "generate-wrap-key", "generate-symmet‐
29 ric-key", "get-device-info", "get-logs", "get-object-info",
30 "get-opaque", "get-option", "get-pseudo-random", "get-pub‐
31 lic-key", "get-storage-info", "get-template", "get-wrapped",
32 "get-device-pubkey", "list-objects", "put-asymmetric-key",
33 "put-authentication-key", "put-hmac-key", "put-opaque", "put-op‐
34 tion", "put-otp-aead-key", "put-symmetric-key", "put-template",
35 "put-wrap-key", "put-wrapped", "randomize-otp-aead", "reset",
36 "set-log-index", "sign-attestation-certificate", "sign-ecdsa",
37 "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss",
38 "sign-ssh-certificate")
39
40 -p, --password=STRING
41 Authentication password
42
43 --authkey=INT
44 Authentication key (default=`1')
45
46 -i, --object-id=SHORT
47 Object ID (default=`0')
48
49 -l, --label=STRING
50 Object label (default=`')
51
52 -d, --domains=STRING
53 Object domains (de‐
54 fault=`1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16')
55
56 -c, --capabilities=STRING
57 Capabilities for an object (default=`0')
58
59 -t, --object-type=STRING
60 Object type (default=`any')
61
62 -y, --ykhsmauth-label=STRING
63 Credential label on YubiKey (implicitly enables ykhsmauth)
64
65 -r, --ykhsmauth-reader=STRING Only use a matching YubiKey reader name
66 (default=`')
67
68 --delegated=STRING
69 Delegated capabilities (default=`0')
70
71 --new-password=STRING
72 New authentication password
73
74 -A, --algorithm=STRING
75 Operation algorithm (default=`any')
76
77 --nonce=INT
78 OTP nonce
79
80 --iv=STRING
81 An initialization vector as a hexadecimal string
82
83 --count=INT
84 Number of bytes to request (default=`256')
85
86 --duration=INT
87 Blink duration in seconds (default=`10')
88
89 --wrap-id=INT
90 Wrap key ID
91
92 --template-id=INT
93 Template ID
94
95 --attestation-id=INT
96 Attestation ID
97
98 --log-index=INT
99 Log index
100
101 --opt-name=STRING
102 Device option name
103
104 --opt-value=STRING
105 Device option value
106
107 --in=STRING
108 Input data (filename) (default=`-')
109
110 --out=STRING
111 Output data (filename) (default=`-')
112
113 --informat=ENUM
114 Input format (possible values="default", "base64", "binary",
115 "PEM", "password", "hex", "ASCII" default=`default')
116
117 --outformat=ENUM
118 Input and output format (possible values="default", "base64",
119 "binary", "PEM", "hex", "ASCII" default=`default')
120
121 -f, --config-file=STRING
122 Configuration file to read (default=`')
123
124 -C, --connector=STRING
125 List of connectors to use
126
127 --cacert=STRING
128 HTTPS cacert for connector
129
130 --cert=STRING
131 HTTPS client certificate to authenticate with
132
133 --key=STRING
134 HTTPS client certificate key
135
136 --proxy=STRING
137 Proxy server to use for connector
138
139 --noproxy=STRING
140 Comma separated list of hosts ignore proxy for
141
142 -v, --verbose=INT
143 Print more information (default=`0')
144
145 -P, --pre-connect
146 Connect immediately in interactive mode (default=off)
147
148
149
150yubihsm-shell 2.4.1 August 2023 YUBIHSM-SHELL(1)