yhsm-linux-add-entropy(1) [debian man page]
yhsm-linux-add-entropy(1) General Commands Manual yhsm-linux-add-entropy(1) NAME
yhsm-linux-add-entropy - Seed the Linux entropy pool with data from YubiHSM TRNG SYNOPSIS
yhsm-linux-add-entropy [options] DESCRIPTION
The YubiHSM uses "Avalanche Noise" TRNG together with USB SOF jitter sampling to feed a DRBG_CTR algorithm (NIST publication SP800-90). The result has been verified as being random data of good quality by at least one third party cryptographer. <http://sartryck.idg.se/Art/ Yubihsm_1_TW072011.html> Use this program to add random data from the YubiHSM to the entropy pool of your Linux operating system. This is useful whenever lots of random data is needed, such as when generating chryptographic keys (GPG-keys), on a server terminating SSL sessions etc. You may run this script from cron, or in a while-loop. Make sure it does not run at the same time as something else accessing the YubiHSM though, or the two tasks may interrupt each other - probably making both fail. OPTIONS
-D, --device device file name (default: /dev/ttyACM0). -v, --verbose enable verbose operation. -c, --count number of iterations to run (default: 100). -r, --ratio bits per byte read to use. 8 is probably fine, but as a conservative default 2 is used. --debug enable debug printout, including all data sent to/from YubiHSM. EXIT STATUS
0 Entropy added successfully 1 Failure BUGS
Report python-pyhsm/yhsm-linux-add-entropy bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/> SEE ALSO
The python-pyhsm home page <https://github.com/Yubico/python-pyhsm/> YubiHSMs can be obtained from Yubico <http://www.yubico.com/>. python-pyhsm December 2011 yhsm-linux-add-entropy(1)
Check Out this Related Man Page
yhsm-keystore-unlock(1) General Commands Manual yhsm-keystore-unlock(1) NAME
yhsm-keystore-unlock - Unlock the keystore in a YubiHSM SYNOPSIS
yhsm-keystore-unlock [options] DESCRIPTION
In versions of the YubiHSM before 1.0, the YubiHSM could be protected using a 'HSM password'. The YubiHSM would unlock it's cryptographic functions if the correct password was given, but it was a simple comparision test. In YubiHSM 1.0, the password was changed into an actual key that was used to decrypt the contents of the YubiHSM internal key store, which was then AES-256 encrypted using the new 'Master key' when stored in the device. In YubiHSM 1.0, the option to also require an YubiKey OTP to unlock the keystore was also added. One or more 'Admin YubiKeys' can be con- figured in the YubiHSM, and an OTP from one of these must also be provided before the YubiHSM will enable it's cryptographic functions. The OTP is simply validated against the non-encrypted internal database (not key store) in the YubiHSM though, but together with a 'Master key' not stored on the server with the YubiHSM, it provides enhanced security by being a second factor that an attacker can't just inter- cept even if the server is compromised. OPTIONS
-D, --device device file name (default: /dev/ttyACM0). -v, --verbose enable verbose operation. --debug enable debug printout, including all data sent to/from YubiHSM. --no-otp skip the prompt for an OTP. For use by scripts where no OTP is required and the Master Key is stored on the server with the YubiHSM. --stdin read password and/or OTP from stdin rather than prompting for them. Python prompts does not accept piped input, so this option have to be used to unlock the YubiHSM from a script for example. EXIT STATUS
0 YubiHSM keystore successfully unlocked. 1 Failed to unlock keystore. BUGS
Report python-pyhsm/yhsm-keystore-unlock bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/> SEE ALSO
The python-pyhsm home page <https://github.com/Yubico/python-pyhsm/> YubiHSMs can be obtained from Yubico <http://www.yubico.com/>. python-pyhsm December 2011 yhsm-keystore-unlock(1)