update documentation and help output for how to specify secrets on stdin
also update all examples to have no space after short option.
This commit is contained in:
+18
-19
@@ -32,60 +32,59 @@ to any command. For much more information \-\-verbose=2 may be used.
|
||||
|
||||
Display what version of the application is running on the YubiKey:
|
||||
|
||||
yubico\-piv\-tool \-a version
|
||||
yubico\-piv\-tool \-aversion
|
||||
|
||||
Generate a new ECC\-P256 key on device in slot 9a, will print the public
|
||||
key on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s 9a \-A ECCP256 \-a generate
|
||||
yubico\-piv\-tool \-s9a \-AECCP256 \-agenerate
|
||||
|
||||
Generate a certificate request with public key from stdin, will print
|
||||
the resulting request on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s 9a \-S '/CN=foo/OU=test/O=example.com/' \-P 123456 \\
|
||||
\-a verify \-a request
|
||||
yubico\-piv\-tool \-s9a \-S'/CN=foo/OU=test/O=example.com/' \-averify \\
|
||||
\-arequest
|
||||
|
||||
Generate a self\-signed certificate with public key from stdin, will print
|
||||
the certificate, for later import, on stdout:
|
||||
|
||||
yubico\-piv\-tool \-s 9a \-S '/CN=bar/OU=test/O=example.com/' \-P 123456 \\
|
||||
\-a verify \-a selfsign
|
||||
yubico\-piv\-tool \-s9a \-S'/CN=bar/OU=test/O=example.com/' \-averify \\
|
||||
\-aselfsign
|
||||
|
||||
Import a certificate from stdin:
|
||||
|
||||
yubico\-piv\-tool \-s 9a \-a import\-certificate
|
||||
yubico\-piv\-tool \-s9a \-aimport\-certificate
|
||||
|
||||
Set a random chuid, import a key and import a certificate from a PKCS12
|
||||
file with password test, into slot 9c:
|
||||
file, into slot 9c:
|
||||
|
||||
yubico\-piv\-tool \-s 9c \-i test.pfx \-K PKCS12 \-p test \-a set\-chuid \\
|
||||
\-a import\-key \-a import\-cert
|
||||
yubico\-piv\-tool \-s9c \-itest.pfx \-KPKCS12 \-aset\-chuid \\
|
||||
\-aimport\-key \-aimport\-cert
|
||||
|
||||
Import a certificate which is larger than 2048 bytes and thus requires
|
||||
compression in order to fit:
|
||||
|
||||
openssl x509 \-in cert.pem \-outform DER | gzip \-9 > der.gz
|
||||
yubico\-piv\-tool \-s 9c \-i der.gz \-K GZIP \-a import\-cert
|
||||
yubico\-piv\-tool \-s9c \-ider.gz \-KGZIP \-aimport\-cert
|
||||
|
||||
Change the management key used for administrative authentication:
|
||||
|
||||
yubico\-piv\-tool \-n 0807605403020108070605040302010807060504030201 \\
|
||||
\-a set\-mgm\-key
|
||||
yubico\-piv\-tool \-aset\-mgm\-key
|
||||
|
||||
Delete a certificate in slot 9a:
|
||||
Delete a certificate in slot 9a, with management key being asked for:
|
||||
|
||||
yubico\-piv\-tool \-a delete\-certificate \-s 9a
|
||||
yubico\-piv\-tool \-adelete\-certificate \-s9a \-k
|
||||
|
||||
Show some information on certificates and other data:
|
||||
|
||||
yubico\-piv\-tool \-a status
|
||||
yubico\-piv\-tool \-astatus
|
||||
|
||||
Read out the certificate from a slot and then run a signature test:
|
||||
|
||||
yubico\-piv\-tool \-a read\-cert \-s 9a
|
||||
yubico\-piv\-tool \-a verify\-pin \-P 123456 \-a test\-signature \-s 9a
|
||||
yubico\-piv\-tool \-aread\-cert \-s9a
|
||||
yubico\-piv\-tool \-averify\-pin \-atest\-signature \-s9a
|
||||
|
||||
Import a key into slot 85 (only available on YubiKey 4) and set the
|
||||
touch policy (also only available on YubiKey 4):
|
||||
|
||||
yubico-piv-tool \-a import\-key \-s 85 \-\-touch-policy=always \-i key.pem
|
||||
yubico-piv-tool \-aimport\-key \-s85 \-\-touch-policy=always \-ikey.pem
|
||||
|
||||
Reference in New Issue
Block a user