Introduction

This section contains a list of the commands supported by the YubiHSM 2.

The low-level format for each command message and the relative response is provided, together with an example of how that command can be used within the yubihsm-shell.

The numerical codes corresponding to each command are provided below:

Command Name Hex Value
Echo 0x01
Create Session 0x03
Authenticate Session 0x04
Session Message 0x05
Get Device Info 0x06
Reset Device 0x08
Close Session 0x40
Get Storage Info 0x41
Put Opaque 0x42
Get Opaque 0x43
Put Authentication Key 0x44
Put Asymmetric Key 0x45
Generate Asymmetric Key 0x46
Sign Pkcs1 0x47
List Objects 0x48
Decrypt Pkcs1 0x49
Export Wrapped 0x4a
Import Wrapped 0x4b
Put Wrap Key 0x4c
Get Log Entries 0x4d
Get Object Info 0x4e
Set Option 0x4f
Get Option 0x50
Get Pseudo Random 0x51
Put Hmac Key 0x52
Sign Hmac 0x53
Get Public Key 0x54
Sign Pss 0x55
Sign Ecdsa 0x56
Derive Ecdh 0x57
Delete Object 0x58
Decrypt Oaep 0x59
Generate Hmac Key 0x5a
Generate Wrap Key 0x5b
Verify Hmac 0x5c
Sign Ssh Certificate 0x5d
Put Template 0x5e
Get Template 0x5f
Decrypt Otp 0x60
Create Otp Aead 0x61
Randomize Otp Aead 0x62
Rewrap Otp Aead 0x63
Sign Attestation Certificate 0x64
Put Otp Aead Key 0x65
Generate Otp Aead Key 0x66
Set Log Index 0x67
Wrap Data 0x68
Unwrap Data 0x69
Sign Eddsa 0x6a
Blink Device 0x6b
Change Authentication Key 0x6c