yhsm-linux-add-entropy(1) General Commands Manual yhsm-linux-add-entropy(1)NAME
yhsm-linux-add-entropy - Seed the Linux entropy pool with data from YubiHSM TRNG
SYNOPSIS
yhsm-linux-add-entropy [options]
DESCRIPTION
The YubiHSM uses "Avalanche Noise" TRNG together with USB SOF jitter sampling to feed a DRBG_CTR algorithm (NIST publication SP800-90). The
result has been verified as being random data of good quality by at least one third party cryptographer. <http://sartryck.idg.se/Art/
Yubihsm_1_TW072011.html>
Use this program to add random data from the YubiHSM to the entropy pool of your Linux operating system. This is useful whenever lots of
random data is needed, such as when generating chryptographic keys (GPG-keys), on a server terminating SSL sessions etc.
You may run this script from cron, or in a while-loop. Make sure it does not run at the same time as something else accessing the YubiHSM
though, or the two tasks may interrupt each other - probably making both fail.
OPTIONS -D, --device
device file name (default: /dev/ttyACM0).
-v, --verbose
enable verbose operation.
-c, --count
number of iterations to run (default: 100).
-r, --ratio
bits per byte read to use. 8 is probably fine, but as a conservative default 2 is used.
--debug
enable debug printout, including all data sent to/from YubiHSM.
EXIT STATUS
0 Entropy added successfully
1 Failure
BUGS
Report python-pyhsm/yhsm-linux-add-entropy bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/>
SEE ALSO
The python-pyhsm home page <https://github.com/Yubico/python-pyhsm/>
YubiHSMs can be obtained from Yubico <http://www.yubico.com/>.
python-pyhsm December 2011 yhsm-linux-add-entropy(1)
Check Out this Related Man Page
yhsm-import-keys(1) General Commands Manual yhsm-import-keys(1)NAME
yhsm-import-keys - import YubiKey secrets to YubiHSM
SYNOPSIS
yhsm-import-keys --key-handles ... [options]
DESCRIPTION
Read YubiKey token data from standard input, and store it in files or in the YubiHSM internal database.
The default mode is to turn each YubiKey secret into an AEAD (Authenticated Encryption with Associated Data) block that is stored in a file
on the host computer (one file per YubiKey). This enables validation of virtually unlimited numbers of YubiKey's OTPs.
If --internal-db is used, the YubiKey secret will be stored inside the YubiHSM, and complete validation (including counter management) will
be done inside the YubiHSM. The internal database is currently limited to 1024 entrys.
OPTIONS -D, --device
device file name (default: /dev/ttyACM0)
-v, --verbose
enable verbose operation
--debug
enable debug printout, including all data sent to/from YubiHSM
--public_id_chars num
number of chars to pad public id to (default: 12)
--key-handles kh
key handles to use for decoding OTPs. Examples : "1", "0xabcd"
--output-dir dir, --aead-dir dir, -O dir
base directory for AEADs (default: /var/cache/yubikey-ksm/aeads)
--internal-db
add entrys to YubiHSM internal database, rather than creating AEAD files
INPUT FORMAT
The format of the input matches the export format of various Yubico tools, notably the PHP based soft KSM <http://code.google.com/p/
yubikey-ksm/>.
An example file, with a single entry for id 4711 would be :
# ykksm 1
123456,ftftftcccc,534543524554,fcacd309a20ce1809c2db257f0e8d6ea,000000000000,,,
(seqno, public id, private uid, AES key, dunno,,,)
The #ykksm 1 is a file marker, and has to be on the very first line of input.
BUGS
Report python-pyhsm/yhsm-import-keys bugs in the issue tracker <https://github.com/Yubico/python-pyhsm/issues/>
SEE ALSO
The python-yubico home page <https://github.com/Yubico/python-pyhsm/>
YubiHSMs can be obtained from Yubico <http://www.yubico.com/>.
python-pyhsm December 2011 yhsm-import-keys(1)