1YUBIHSM-SHELL(1) User Commands YUBIHSM-SHELL(1)
2
6 yubihsm-shell - manual page for yubihsm-shell 2.4.2
7
9 yubihsm-shell [OPTION]...
10
12 -h, --help
13 Print help and exit
14 --full-help
16 Print help, including hidden options, and exit
17 -V, --version
19 Print version and exit
20 -a, --action=ENUM
22 Action to perform (possible values="benchmark", "blink-device",
23 "create-otp-aead", "decrypt-aesccm", "decrypt-aescbc", "de‐
24 crypt-aesecb", "decrypt-oaep", "decrypt-otp", "de‐
25 crypt-pkcs1v15", "delete-object", "derive-ecdh", "en‐
26 crypt-aesccm", "encrypt-aescbc", "encrypt-aesecb", "gener‐
27 ate-asymmetric-key", "generate-hmac-key", "gener‐
28 ate-otp-aead-key", "generate-wrap-key", "generate-symmet‐
29 ric-key", "get-device-info", "get-logs", "get-object-info",
30 "get-opaque", "get-option", "get-pseudo-random", "get-pub‐
31 lic-key", "get-storage-info", "get-template", "get-wrapped",
32 "get-device-pubkey", "list-objects", "put-asymmetric-key",
33 "put-authentication-key", "put-hmac-key", "put-opaque", "put-op‐
34 tion", "put-otp-aead-key", "put-symmetric-key", "put-template",
35 "put-wrap-key", "put-wrapped", "randomize-otp-aead", "reset",
36 "set-log-index", "sign-attestation-certificate", "sign-ecdsa",
37 "sign-eddsa", "sign-hmac", "sign-pkcs1v15", "sign-pss",
38 "sign-ssh-certificate")
39 -p, --password=STRING
41 Authentication password
42 --authkey=INT
44 Authentication key (default=`1')
45 -i, --object-id=SHORT
47 Object ID (default=`0')
48 -l, --label=STRING
50 Object label (default=`')
51 -d, --domains=STRING
53 Object domains (de‐
54 fault=`1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16')
55 -c, --capabilities=STRING
57 Capabilities for an object (default=`0')
58 -t, --object-type=STRING
60 Object type (default=`any')
61 -y, --ykhsmauth-label=STRING
63 Credential label on YubiKey (implicitly enables ykhsmauth)
64 -r, --ykhsmauth-reader=STRING Only use a matching YubiKey reader name
66 (default=`')
67 --delegated=STRING
69 Delegated capabilities (default=`0')
70 --new-password=STRING
72 New authentication password
73 -A, --algorithm=STRING
75 Operation algorithm (default=`any')
76 --nonce=INT
78 OTP nonce
79 --iv=STRING
81 An initialization vector as a hexadecimal string
82 --count=INT
84 Number of bytes to request (default=`256')
85 --duration=INT
87 Blink duration in seconds (default=`10')
88 --wrap-id=INT
90 Wrap key ID
91 --template-id=INT
93 Template ID
94 --attestation-id=INT
96 Attestation ID
97 --log-index=INT
99 Log index
100 --opt-name=STRING
102 Device option name
103 --opt-value=STRING
105 Device option value
106 --in=STRING
108 Input data (filename) (default=`-')
109 --out=STRING
111 Output data (filename) (default=`-')
112 --informat=ENUM
114 Input format (possible values="default", "base64", "binary",
115 "PEM", "password", "hex", "ASCII" default=`default')
116 --outformat=ENUM
118 Input and output format (possible values="default", "base64",
119 "binary", "PEM", "hex", "ASCII" default=`default')
120 -f, --config-file=STRING
122 Configuration file to read (default=`')
123 -C, --connector=STRING
125 List of connectors to use
126 --cacert=STRING
128 HTTPS cacert for connector
129 --cert=STRING
131 HTTPS client certificate to authenticate with
132 --key=STRING
134 HTTPS client certificate key
135 --proxy=STRING
137 Proxy server to use for connector
138 --noproxy=STRING
140 Comma separated list of hosts ignore proxy for
141 -v, --verbose=INT
143 Print more information (default=`0')
144 -P, --pre-connect
146 Connect immediately in interactive mode (default=off)
147yubihsm-shell 2.4.2 November 2023 YUBIHSM-SHELL(1)