// Copyright (c) 2014-2016 Yubico AB // All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following // disclaimer in the documentation and/or other materials provided // with the distribution. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. == EXAMPLES For more information about what's happening --verbose can be added to any command. For much more information --verbose=2 may be used. Display what version of the application is running on the YubiKey: yubico-piv-tool -aversion Generate a new ECC-P256 key on device in slot 9a, will print the public key on stdout: yubico-piv-tool -s9a -AECCP256 -agenerate Generate a certificate request with public key from stdin, will print the resulting request on stdout: yubico-piv-tool -s9a -S'/CN=foo/OU=test/O=example.com/' -averify -arequest Generate a self-signed certificate with public key from stdin, will print the certificate, for later import, on stdout: yubico-piv-tool -s9a -S'/CN=bar/OU=test/O=example.com/' -averify \ -aselfsign Import a certificate from stdin: yubico-piv-tool -s9a -aimport-certificate Set a random chuid, import a key and import a certificate from a PKCS12 file, into slot 9c: yubico-piv-tool -s9c -itest.pfx -KPKCS12 -aset-chuid -aimport-key \ -aimport-cert Import a certificate which is larger than 2048 bytes and thus requires compression in order to fit: openssl x509 -in cert.pem -outform DER | gzip -9 > der.gz yubico-piv-tool -s9c -ider.gz -KGZIP -aimport-cert Change the management key used for administrative authentication: yubico-piv-tool -aset-mgm-key Delete a certificate in slot 9a, with management key being asked for: yubico-piv-tool -adelete-certificate -s9a -k Show some information on certificates and other data: yubico-piv-tool -astatus Read out the certificate from a slot and then run a signature test: yubico-piv-tool -aread-cert -s9a yubico-piv-tool -averify-pin -atest-signature -s9a