.. Base_Commands.rst .. _base-commands-label: =============== Base Commands =============== The base commands are those that do not apply to any specific protocol. However, they do apply to the different connection methods such as USB and NFC. Acronyms and their definitions are listed at the bottom of this page. .. include:: includes/ykman.rst ykman config [OPTIONS] COMMAND [ARGS]... ======================================== Enable or disable applications. The applications may be enabled and disabled independently over different transports (USB and NFC). The configuration may also be protected by a lock code. Examples -------- * Disable PIV over NFC: .. code-block:: $ ykman config nfc --disable PIV * Enable all applications over USB: .. code-block:: $ ykman config usb --enable-all * Generate and set a random application lock code: .. code-block:: $ ykman config set-lock-code --generate Options ------- .. table:: +-------------------+------------------------------------------------------+ | Option | Description | +===================+======================================================+ | ``-h, --help`` | Show this message and exit. | +-------------------+------------------------------------------------------+ Commands -------- .. table:: +-------------------+-------------------------------------------------------+ | Commmand | Description | +===================+=======================================================+ | ``mode`` | Manage connection modes (USB interfaces). | +-------------------+-------------------------------------------------------+ | ``nfc`` | Enable or disable applications over NFC. | +-------------------+-------------------------------------------------------+ | ``set-lock-code`` | Set or change the configuration lock code. | +-------------------+-------------------------------------------------------+ | ``usb`` | Enable or disable applications over USB. | +-------------------+-------------------------------------------------------+ ykman config mode [OPTIONS] MODE ================================ Manage connection modes (USB Interfaces). This command is generally used with YubiKeys prior to the 5 series. Use ``ykman config usb`` for more granular control on YubiKey 5 and later. Get the current connection mode of the YubiKey, or set it to ``MODE``. Examples -------- * Set the OTP and FIDO mode: .. code-block:: $ ykman config mode OTP+FIDO * Set the CCID only mode and use touch to eject the smart card: .. code-block:: $ ykman config mode CCID --touch-eject Arguments ---------- .. table:: +------------+--------------------------------------------------------------+ | Argument | Description | +============+==============================================================+ | ``MODE`` || ``MODE`` can be a string, such as ``OTP+FIDO+CCID``, or a | | || shortened form: ``o+f+c``. It can also be a mode number. | +------------+--------------------------------------------------------------+ Options ------- .. table:: +---------------------------------+-----------------------------------------+ | Option | Description | +=================================+=========================================+ | ``-h, --help`` | Show this message and exit. | +---------------------------------+-----------------------------------------+ | ``--autoeject-timeout SECONDS`` || When set, the smartcard automatically | | || ejects after the given time. Implies | | || ``--touch-eject`` (CCID mode only). | +---------------------------------+-----------------------------------------+ | ``--chalresp-timeout SECONDS`` || Sets the timeout when waiting for touch| | || for challenge response. | +---------------------------------+-----------------------------------------+ | ``-f, --force`` | Confirm the action without prompting. | +---------------------------------+-----------------------------------------+ | ``--touch-eject`` || When set, the button toggles the state | | || the smartcard between ejected and | | || inserted (CCID mode only). | +---------------------------------+-----------------------------------------+ ykman config nfc [OPTIONS] =========================== Enable or disable applications over NFC. Options ------- .. table:: +------------------------------------+--------------------------------------+ | Option | Description | +====================================+======================================+ | ``-h, --help`` | Show this message and exit. | +------------------------------------+--------------------------------------+ | ``-a, --enable-all`` | Enable all applications. | +------------------------------------+--------------------------------------+ || ``-d, --disable [OTP|U2F|FIDO2|`` || Disable applications. | || ``OATH|PIV|OPENPGP|HSMAUTH]`` || | +------------------------------------+--------------------------------------+ | ``-D, --disable-all`` | Disable all applications. | +------------------------------------+--------------------------------------+ || ``-e, --enable [OTP|U2F|FIDO2|`` || Enable applications. | || ``OATH|PIV|OPENPGP|HSMAUTH]`` || | +------------------------------------+--------------------------------------+ | ``-f, --force`` | Confirm the action without prompting.| +------------------------------------+--------------------------------------+ | ``-l, --list`` | List enabled applications. | +------------------------------------+--------------------------------------+ | ``-L, --lock-code HEX`` || Current application configuration | | || lock code. | +------------------------------------+--------------------------------------+ .. _set-lock-code-label: ykman config set-lock-code [OPTIONS] ==================================== Set or change the configuration lock code. A lock code may be used to protect the application configuration. The lock code must be a 32 characters (16 bytes) hex value. Options ------- .. table:: +-----------------------------+---------------------------------------------+ | Option | Description | +=============================+=============================================+ | ``-h, --help`` | Show this message and exit. | +-----------------------------+---------------------------------------------+ | ``-c, --clear`` | Clear the lock code. | +-----------------------------+---------------------------------------------+ | ``-f, --force`` | Confirm the action without prompting. | +-----------------------------+---------------------------------------------+ | ``-g, --generate`` || Generate a random lock code. Conflicts | | || with ``--new-lock-code``. | +-----------------------------+---------------------------------------------+ | ``-l, --lock-code HEX`` | Current lock code. | +-----------------------------+---------------------------------------------+ | ``-n, --new-lock-code HEX`` | New lock code. Conflicts with --generate. | +-----------------------------+---------------------------------------------+ ykman config usb [OPTIONS] ========================== Enable or disable applications over USB. Options ------- .. table:: +------------------------------------+--------------------------------------+ | Option | Description | +====================================+======================================+ | ``-h, --help`` | Show this message and exit. | +------------------------------------+--------------------------------------+ | ``-a, --enable-all`` | Enable all applications. | +------------------------------------+--------------------------------------+ | ``--autoeject-timeout SECONDS`` || When set, the smartcard automaticall| | || ejects after the specified time. | | || Implies ``--touch-eject``. | +------------------------------------+--------------------------------------+ | ``--chalresp-timeout SECONDS`` || Sets the timeout when waiting for | | || touch response to the challenge- | | || response from the OTP application. | +------------------------------------+--------------------------------------+ || ``-d, --disable [OTP|U2F|FIDO2|`` || Disable applications. | || ``OATH|PIV|OPENPGP|HSMAUTH]`` || | +------------------------------------+--------------------------------------+ || ``-e, --enable [OTP|U2F|FIDO2|`` || Enable applications. | || ``OATH|PIV|OPENPGP|HSMAUTH]`` || | +------------------------------------+--------------------------------------+ | ``-f, --force`` | Confirm the action without prompting.| +------------------------------------+--------------------------------------+ | ``-l, --list`` | List enabled applications. | +------------------------------------+--------------------------------------+ | ``-L, --lock-code HEX`` || Current application configuration | | || lock code. | +------------------------------------+--------------------------------------+ | ``--no-touch-eject`` | Disable touch eject (CCID only). | +------------------------------------+--------------------------------------+ | ``--touch-eject`` || When set, the button toggles the | | || state of the smartcard between | | || ejected and inserted (CCID only). | +------------------------------------+--------------------------------------+ .. include:: includes/ykman-info.rst ykman list [OPTIONS] ==================== List connected YubiKeys. Options ------- .. table:: +-------------------+-------------------------------------------------------+ | Option | Description | +===================+=======================================================+ | ``-h, --help`` | Show this message and exit. | +-------------------+-------------------------------------------------------+ | ``-r, --readers`` | List available smart card readers. | +-------------------+-------------------------------------------------------+ | ``-s, --serials`` || Output only serial numbers of the connected YubiKeys,| | || one per line. Devices without serial numbers are not | | || listed. | +-------------------+-------------------------------------------------------+ .. include:: includes/acronyms.rst ---- Click for `Yubico Support `_.