YubiHSM 2 Administration and Usage Guides

Contents

• Introduction
• Resetting Device to Factory Settings
  • Physical Reset
  • Reset Using YubiHSM Shell
• Initial Provisioning and Deployment Tasks
  • Known Usage Cases
  • HMAC
  • PKCS11 / RSA
• Practical Guide: Quick Start Tutorial
  • Set Up the Environment
  • Start Up
  • Set Up YubiHSM 2 Connection
  • Sessions
  • Adding a New Authentication Key
  • Generate a Key for Signing
  • Prepare to Sign With the New Asymmetric Key
  • Export Under Wrap
• EJBCA Installation
  • Prerequisites
  • Configuring a New EJBCA Installation
  • Configuring an Existing EJBCA Installation
• OpenSSH Certificates for Host Login
  • Traditional Method
  • OpenSSH CA
  • OpenSSH Certificates with YubiHSM
  • High-Level Description and Components
  • SSH Template
  • SSH Certificate Request
• OpenSSL with libp11 for Signing, Verifying and Encrypting, Decrypting
  • Signing and Verifying
  • Encrypting and Decrypting
• OpenSSL with YubiHSM 2 via engine_pkcs11 and yubihsm_pkcs11
  • Example: Creating an Alias
  • Example: Generating a Key in the Device
  • Example: Certifcate Request
  • Example: Retrieve 64 Bytes of Data
  • Example: Adding req entries
  • Example: Requesting certificate existing RSA key
  • Example: Self-Signed Certificate Existing RSA Key
  • Example: s_server with RSA Key and Certificate
  • Example: s_server with ECDSA Key and Certificate
  • Acknowledgements
• Using OpenSC pkcs11-tool
  • Creating Digital Signatures
  • Performing Decryption
  • Derive ECDH Key
  • Obtaining Random Data
  • Acknowledgements
• YubiHSM and OpenSSL on Windows
  • Overview
  • Installation
  • Configuration
• Configuring YubiHSM 2 for Java Code Signing
  • Prerequisites
  • Windows PowerShell script for generating keys and certificates
  • Linux Bash Script for Generating Keys and Certificates
  • List the Objects on YubiHSM 2
  • Using YubiHSM 2 with Java Signing Applications
• Backing up and Restoring Keys
  • Backup and Restore Managed via YubiHSM Key Storage Provider
  • Back up and Restore Keys Using YubiHSM Shell
• Copyright