Files
yubikey.rs/tool/yubico-piv-tool.h2m
T
2015-07-01 16:34:20 +02:00

87 lines
3.2 KiB
Plaintext

# Copyright (c) 2014, 2015 Yubico AB
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[EXAMPLES]
For more information about what's happening \-\-verbose can be added
to any command. For much more information \-\-verbose=2 may be used.
Display what version of the applet is running on the YubiKey Neo:
yubico\-piv\-tool \-a version
Generate a new ECC\-P256 key on device in slot 9a, will print the public
key on stdout:
yubico\-piv\-tool \-s 9a \-A ECCP256 \-a generate
Generate a certificate request with public key from stdin, will print
the resulting request on stdout:
yubico\-piv\-tool \-s 9a \-S '/CN=foo/OU=test/O=example.com/' \-P 123456 \\
\-a verify \-a request
Generate a self\-signed certificate with public key from stdin, will print
the certificate, for later import, on stdout:
yubico\-piv\-tool \-s 9a \-S '/CN=bar/OU=test/O=example.com/' \-P 123456 \\
\-a verify \-a selfsign
Import a certificate from stdin:
yubico\-piv\-tool \-s 9a \-a import\-certificate
Set a random chuid, import a key and import a certificate from a PKCS12
file with password test, into slot 9c:
yubico\-piv\-tool \-s 9c \-i test.pfx \-K PKCS12 \-p test \-a set\-chuid \\
\-a import\-key \-a import\-cert
Import a certificate which is larger than 2048 bytes and thus requires
compression in order to fit:
openssl x509 \-in cert.pem \-outform DER | gzip \-9 > der.gz
yubico\-piv\-tool \-s 9c \-i der.gz \-K GZIP \-a import\-cert
Change the management key used for administrative authentication:
yubico\-piv\-tool \-n 0807605403020108070605040302010807060504030201 \\
\-a set\-mgm\-key
Delete a certificate in slot 9a:
yubico\-piv\-tool \-a delete\-certificate \-s 9a
Show some information on certificates and other data:
yubico\-piv\-tool \-a status
Read out the certificate from a slot and then run a signature test:
yubico\-piv\-tool \-a read\-cert \-s 9a
yubico\-piv\-tool \-a verify\-pin \-P 123456 \-a test\-signature \-s 9a