YubiHSM Commands

Typical Scenarios

YubiHSM Auth is disabled in version 5.4.X.

Enable/Disable YubiHSM Auth on a YubiKey

This section includes the expected output and testing methods.

  • Enable YubiHSM Auth by running:

    ykman config usb --enable HSMAUTH
    YubiHSM Auth successfully enabled.

    • Test enablement by connecting to the YubiHSM with YubiHSM-Shell:

      yubihsm> session ykopen 1 "default key" "my secret"
      Session authenticated to YubiHSM2.

  • Disable YubiHSM Auth by running:

    ykman config usb --disable HSMAUTH
    YubiHSM Auth successfully disabled.

    • Test disablement by connecting to the YubiHSM with YubiHSM-Shell:

      yubihsm> session ykopen 1 "default key" "my secret"
      No access to the YubiKey application YubiHSM Auth.
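
The enable and disable steps above, wrapped in an idempotent check that reads the state back from the key after changing it. This is an added example, not Yubico's code: the function names, the `YKMAN` and `SETTLE` variables, the 2-second wait and the assumed `--list` output (one application per line, this one shown as "YubiHSM Auth") are assumptions.

```shell
#!/bin/sh
# Added example, not Yubico's code. Assumption: `ykman config usb --list`
# prints one enabled application per line, this one as "YubiHSM Auth".
YKMAN="${YKMAN:-ykman}"   # overridable, so the logic can run against a stub
SETTLE="${SETTLE:-2}"     # seconds to wait for the key to come back (assumed)

# Print enabled|disabled for YubiHSM Auth over USB; "unknown" (status 2)
# when the configuration cannot be read, e.g. no YubiKey is inserted.
hsmauth_state() {
    apps=$("$YKMAN" config usb --list) || { echo unknown; return 2; }
    if printf '%s\n' "$apps" | grep -qx 'YubiHSM Auth'; then
        echo enabled
    else
        echo disabled
    fi
}

# Bring the key to the wanted state, touching it only when needed, then
# read the state back instead of trusting the success message.
hsmauth_ensure() {
    want=$1
    case $want in
        enabled)  flag=--enable ;;
        disabled) flag=--disable ;;
        *) echo "usage: hsmauth_ensure enabled|disabled" >&2; return 64 ;;
    esac
    have=$(hsmauth_state) || { echo "cannot read YubiKey config" >&2; return 2; }
    if [ "$have" = "$want" ]; then
        echo unchanged
        return 0
    fi
    # --force answers ykman's confirmation prompt for unattended use.
    "$YKMAN" config usb "$flag" HSMAUTH --force >/dev/null || return 1
    sleep "$SETTLE"
    [ "$(hsmauth_state)" = "$want" ] || { echo "state not applied" >&2; return 1; }
    echo changed
}
```

Calling `hsmauth_ensure disabled` on keys that never authenticate to a YubiHSM keeps the application off unless it is needed.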

Acronyms

3DES: Triple Data Encryption Algorithm
AES: Advanced Encryption Standard
CCC: Card Capability Container
CCID: Chip card interface device, a USB protocol for a smartcard.
CHUID: Card Holder Unique ID
CN: Common name
CSR: Certificate Signing Request
ECC: Elliptic curve cryptography
FIDO: Fast Identity Online
FIPS: Federal Information Processing Standards (US government) covering codes and encryption standards.
HMAC: Hash-based message authentication code
HOTP: HMAC-based One-Time Password algorithm
OATH: The Initiative for Open Authentication is an organization that specifies two open authentication standards, TOTP and HOTP
OTP: One-Time Password
PUK: PIN Unlock Key
stdin: standard input - usually keyboard or CLI instructions
stdout: standard output - usually print to screen
TOTP: Time-based One-Time Password algorithm
X.509: The standard defining the format of a public key certificate
