YubiHSM Commands

For a full description of YubiHSM Auth, see the YubiKey 5 Series Technical Manual, Protocols and Applications > YubiHSM Auth chapter.

Enable or Disable YubiHSM Auth on a YubiKey

This section includes the expected output and testing methods.

YubiHSM Auth is available as of firmware version 5.4.X and is disabled by default.

Enable YubiHSM Auth by running:

ykman config usb --enable HSMAUTH
YubiHSM Auth successfully enabled.

Test enablement by connecting to the YubiHSM with YubiHSM-Shell:

yubihsm> session ykopen 1 "default key" "my secret"
Session authenticated to YubiHSM2.

Disable YubiHSM Auth by running:

ykman config usb --disable HSMAUTH
YubiHSM Auth successfully disabled.

Test disablement by connecting to the YubiHSM with YubiHSM-Shell:

yubihsm> session ykopen 1 "default key" "my secret"
No access to the YubiKey application YubiHSM Auth.

---

Click for Yubico Support.