9dfe04cd06
also update all examples to have no space after short option.
85 lines
3.0 KiB
Plaintext
85 lines
3.0 KiB
Plaintext
// Copyright (c) 2014-2016 Yubico AB
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are
|
|
// met:
|
|
//
|
|
// * Redistributions of source code must retain the above copyright
|
|
// notice, this list of conditions and the following disclaimer.
|
|
//
|
|
// * Redistributions in binary form must reproduce the above
|
|
// copyright notice, this list of conditions and the following
|
|
// disclaimer in the documentation and/or other materials provided
|
|
// with the distribution.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
== EXAMPLES
|
|
|
|
For more information about what's happening --verbose can be added
|
|
to any command. For much more information --verbose=2 may be used.
|
|
|
|
Display what version of the application is running on the YubiKey:
|
|
|
|
yubico-piv-tool -aversion
|
|
|
|
Generate a new ECC-P256 key on device in slot 9a, will print the public
|
|
key on stdout:
|
|
|
|
yubico-piv-tool -s9a -AECCP256 -agenerate
|
|
|
|
Generate a certificate request with public key from stdin, will print
|
|
the resulting request on stdout:
|
|
|
|
yubico-piv-tool -s9a -S'/CN=foo/OU=test/O=example.com/' -averify -arequest
|
|
|
|
Generate a self-signed certificate with public key from stdin, will print
|
|
the certificate, for later import, on stdout:
|
|
|
|
yubico-piv-tool -s9a -S'/CN=bar/OU=test/O=example.com/' -averify \
|
|
-aselfsign
|
|
|
|
Import a certificate from stdin:
|
|
|
|
yubico-piv-tool -s9a -aimport-certificate
|
|
|
|
Set a random chuid, import a key and import a certificate from a PKCS12
|
|
file, into slot 9c:
|
|
|
|
yubico-piv-tool -s9c -itest.pfx -KPKCS12 -aset-chuid -aimport-key \
|
|
-aimport-cert
|
|
|
|
Import a certificate which is larger than 2048 bytes and thus requires
|
|
compression in order to fit:
|
|
|
|
openssl x509 -in cert.pem -outform DER | gzip -9 > der.gz
|
|
yubico-piv-tool -s9c -ider.gz -KGZIP -aimport-cert
|
|
|
|
Change the management key used for administrative authentication:
|
|
|
|
yubico-piv-tool -aset-mgm-key
|
|
|
|
Delete a certificate in slot 9a, with management key being asked for:
|
|
|
|
yubico-piv-tool -adelete-certificate -s9a -k
|
|
|
|
Show some information on certificates and other data:
|
|
|
|
yubico-piv-tool -astatus
|
|
|
|
Read out the certificate from a slot and then run a signature test:
|
|
|
|
yubico-piv-tool -aread-cert -s9a
|
|
yubico-piv-tool -averify-pin -atest-signature -s9a
|