1yhsm-generate-keys(1) General Commands Manual yhsm-generate-keys(1)
2
6 yhsm-generate-keys ‐ Generate AEADs with secrets for YubiKeys using a
7 YubiHSM
8
11 yhsm-generate-keys --key-handles KEY_HANDLES --start-public-id START_ID
12 [options]
13
16 With this tool, a YubiHSM can generate random secrets (using it's
17 internal true random number generator), and these secrets protected in
18 AEAD files can be stored on the host computer.
19 The AEADs will be ready to be used by for example yhsm-yubikey-ksm(1)
21 ), as a part of a YubiKey OTP validation service.
22 To program YubiKeys with the generated secrets, it is possible to
24 decrypt the AEADs (knowledge of the AES key used inside the YubiHSM is
25 required) using yhsm-decrypt-aead(1)
26
29 -D, --device
30 Device file name (default: /dev/ttyACM0).
31 -v, --verbose
33 Enable verbose operation.
34 --debug
36 Enable debug printout, including all data sent to/from YubiHSM.
37 -O dir Base output directory (default: /var/cache/yubikey-ksm/aeads).
39 -c integer
41 Number of AEADs to generate.
42 --public-id-chars integer
44 Number of chars in generated public ids (default: 12). Changing
45 this might not work well.
46 --key-handles kh [kh ...]
48 Key handles to encrypt the generated secrets with. Examples :
49 "1", "0xabcd".
50 --start-public-id id
52 Public id of the first generated secret, in modhex.
53 --random-nonce
55 Use random nonce generated from YubiHSM.
56
59 0 Secrets generated successfully.
60 1 Failed to generate secrets.
62
65 Report python-pyhsm/yhsm-generate-keys bugs in the issue tracker
66 ⟨https://github.com/Yubico/python-pyhsm/issues/⟩
67
70 The home page ⟨https://developers.yubico.com/python-pyhsm/⟩
71 YubiHSMs and YubiKeys can be obtained from Yubico ⟨http://
73 www.yubico.com/⟩.
74python-pyhsm June 2012 yhsm-generate-keys(1)