YubiHSM Commands

For a full description of YubiHSM Auth, see the corresponding chapter in the YubiKey 5 Series Technical Manual. YubiHSM Auth is disabled in firmware version 5.4.X.

Enable or Disable YubiHSM Auth on a YubiKey

This section includes the expected output and testing methods.

Enable YubiHSM Auth by running:

ykman config usb --enable HSMAUTH
YubiHSM Auth successfully enabled.

Test enablement by connecting to the YubiHSM with YubiHSM-Shell:

yubihsm> session ykopen 1 "default key" "my secret"
Session authenticated to YubiHSM2.

Disable YubiHSM Auth by running:

ykman config usb --disable HSMAUTH
YubiHSM Auth successfully disabled.

Test disablement by connecting to the YubiHSM with YubiHSM-Shell:

yubihsm> session ykopen 1 "default key" "my secret"
No access to the YubiKey application YubiHSM Auth.

---

To get in touch with Yubico Support, click here.