Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

yhsm-yubikey-ksm(1) [debian man page]

yhsm-yubikey-ksm(1)					      General Commands Manual					       yhsm-yubikey-ksm(1)

yhsm-yubikey-ksm - Decrypt YubiKey OTPs using an attached YubiHSM SYNOPSIS
yhsm-yubikey-ksm --key-handles ... [options] DESCRIPTION
This is a small network server with a REST-like API that decodes YubiKey OTPs. It can be used as a decryption backend (Key Storage Module) to a validation service such as the YubiCloud. The AES keys of the YubiKeys must be present as AEAD files decryptable to the attached YubiHSM. Such AEADs can for example be created using yhsm-import-keys(1). Note that this daemon is single threaded - it will only handle a single request at once. A request timeout is therefor most important. OPTIONS
-D, --device device file name (default: /dev/ttyACM0) -v, --verbose enable verbose operation --debug enable debug printout, including all data sent to/from YubiHSM --U, --serve-url base base of URL for decrypt web service (default: /yhsm/validate?) --port num port to listen on (default: 8002) --addr addr address to bind to (default: --key-handles kh, --key-handle kh key handles to use for decoding OTPs. Examples : "1", "0xabcd". --aead-dir dir, -B dir base directory for AEADs (default: /var/cache/yubikey-ksm/aeads) --reqtimeout num number of seconds before a request times out (default: 5) --pid-file fn write process id of server to this file BUGS
Report python-pyhsm/yhsm-yubikey-ksm bugs in the issue tracker <> SEE ALSO
The python-yubico home page <> YubiHSMs can be obtained from Yubico <>. python-pyhsm December 2011 yhsm-yubikey-ksm(1)

Check Out this Related Man Page

yhsm-generate-keys(1)					      General Commands Manual					     yhsm-generate-keys(1)

yhsm-generate-keys - Generate AEADs with secrets for YubiKeys using a YubiHSM SYNOPSIS
yhsm-generate-keys --key-handles KEY_HANDLES --start-public-id START_ID [options] DESCRIPTION
With this tool, a YubiHSM can generate random secrets (using it's internal true random number generator), and these secrets protected in AEAD files can be stored on the host computer. The AEADs will be ready to be used by for example yhsm-yubikey-ksm(1) ), as a part of a YubiKey OTP validation service. To program YubiKeys with the generated secrets, it is possible to decrypt the AEADs (knowledge of the AES key used inside the YubiHSM is required) using yhsm-decrypt-aead(1) OPTIONS
-D, --device Device file name (default: /dev/ttyACM0). -v, --verbose Enable verbose operation. --debug Enable debug printout, including all data sent to/from YubiHSM. -O dir Base output directory (default: /var/cache/yubikey-ksm/aeads). -c integer Number of AEADs to generate. --public-id-chars integer Number of chars in generated public ids (default: 12). Changing this might not work well. --key-handles kh [kh ...] Key handles to encrypt the generated secrets with. Examples : "1", "0xabcd". --start-public-id id Public id of the first generated secret, in modhex. EXIT STATUS
0 Secrets generated successfully. 1 Failed to generate secrets. BUGS
Report python-pyhsm/yhsm-generate-keys bugs in the issue tracker <> SEE ALSO
The python-pyhsm home page <> YubiHSMs and YubiKeys can be obtained from Yubico <>. python-pyhsm June 2012 yhsm-generate-keys(1)
Man Page

Featured Tech Videos