Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

yhsm-import-keys(1) [debian man page]

yhsm-import-keys(1)					      General Commands Manual					       yhsm-import-keys(1)

NAME

       yhsm-import-keys - import YubiKey secrets to YubiHSM

SYNOPSIS

       yhsm-import-keys --key-handles ...  [options]

DESCRIPTION

       Read YubiKey token data from standard input, and store it in files or in the YubiHSM internal database.

       The default mode is to turn each YubiKey secret into an AEAD (Authenticated Encryption with Associated Data) block that is stored in a file
       on the host computer (one file per YubiKey). This enables validation of virtually unlimited numbers of YubiKey's OTPs.

       If --internal-db is used, the YubiKey secret will be stored inside the YubiHSM, and complete validation (including counter management) will
       be done inside the YubiHSM. The internal database is currently limited to 1024 entrys.

OPTIONS

       -D, --device
	      device file name (default: /dev/ttyACM0)

       -v, --verbose
	      enable verbose operation

       --debug
	      enable debug printout, including all data sent to/from YubiHSM

       --public_id_chars num
	      number of chars to pad public id to (default: 12)

       --key-handles kh
	      key handles to use for decoding OTPs. Examples : "1", "0xabcd"

       --output-dir dir, --aead-dir dir, -O dir
	      base directory for AEADs (default: /var/cache/yubikey-ksm/aeads)

       --internal-db
	      add entrys to YubiHSM internal database, rather than creating AEAD files

INPUT FORMAT

       The format of the input matches the export format of various Yubico tools, notably the PHP based soft KSM <http://code.google.com/p/
       yubikey-ksm/>.

       An example file, with a single entry for id 4711 would be :

	   # ykksm 1
	   123456,ftftftcccc,534543524554,fcacd309a20ce1809c2db257f0e8d6ea,000000000000,,,

       (seqno, public id, private uid, AES key, dunno,,,)

       The #ykksm 1 is a file marker, and has to be on the very first line of input.

BUGS

       Report python-pyhsm/yhsm-import-keys bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/>

SEE ALSO

       The python-yubico home page <https://github.com/Yubico/python-pyhsm/>

       YubiHSMs can be obtained from Yubico <http://www.yubico.com/>.

python-pyhsm							   December 2011					       yhsm-import-keys(1)

Check Out this Related Man Page

yhsm-generate-keys(1)					      General Commands Manual					     yhsm-generate-keys(1)

NAME

       yhsm-generate-keys - Generate AEADs with secrets for YubiKeys using a YubiHSM

SYNOPSIS

       yhsm-generate-keys --key-handles KEY_HANDLES --start-public-id START_ID [options]

DESCRIPTION

       With  this  tool,  a YubiHSM can generate random secrets (using it's internal true random number generator), and these secrets protected in
       AEAD files can be stored on the host computer.

       The AEADs will be ready to be used by for example yhsm-yubikey-ksm(1) ), as a part of a YubiKey OTP validation service.

       To program YubiKeys with the generated secrets, it is possible to decrypt the AEADs (knowledge of the AES key used inside  the  YubiHSM	is
       required) using yhsm-decrypt-aead(1)

OPTIONS

       -D, --device
	      Device file name (default: /dev/ttyACM0).

       -v, --verbose
	      Enable verbose operation.

       --debug
	      Enable debug printout, including all data sent to/from YubiHSM.

       -O dir Base output directory (default: /var/cache/yubikey-ksm/aeads).

       -c integer
	      Number of AEADs to generate.

       --public-id-chars integer
	      Number of chars in generated public ids (default: 12). Changing this might not work well.

       --key-handles kh [kh ...]
	      Key handles to encrypt the generated secrets with. Examples : "1", "0xabcd".

       --start-public-id id
	      Public id of the first generated secret, in modhex.

EXIT STATUS

       0   Secrets generated successfully.

       1   Failed to generate secrets.

BUGS

       Report python-pyhsm/yhsm-generate-keys bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/>

SEE ALSO

       The python-pyhsm home page <https://github.com/Yubico/python-pyhsm/>

       YubiHSMs and YubiKeys can be obtained from Yubico <http://www.yubico.com/>.

python-pyhsm							     June 2012						     yhsm-generate-keys(1)
Man Page