71 lines
4.8 KiB
Plaintext
71 lines
4.8 KiB
Plaintext
# Copyright (c) 2014-2016 Yubico AB
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are
|
|
# met:
|
|
#
|
|
# * Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# * Redistributions in binary form must reproduce the above
|
|
# copyright notice, this list of conditions and the following
|
|
# disclaimer in the documentation and/or other materials provided
|
|
# with the distribution.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
option "verbose" v "Print more information" int optional default="0" argoptional
|
|
option "reader" r "Only use a matching reader" string optional default="Yubikey"
|
|
option "key" k "Management key to use, if no value is specified key will be asked for" string optional default="010203040506070801020304050607080102030405060708" argoptional
|
|
option "action" a "Action to take" values="version","generate","set-mgm-key",
|
|
"reset","pin-retries","import-key","import-certificate","set-chuid",
|
|
"request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
|
|
"selfsign-certificate","delete-certificate","read-certificate","status",
|
|
"test-signature","test-decipher","list-readers","set-ccc","write-object",
|
|
"read-object","attest" enum multiple
|
|
text "
|
|
Multiple actions may be given at once and will be executed in order
|
|
for example --action=verify-pin --action=request-certificate\n"
|
|
option "slot" s "What key slot to operate on" values="9a","9c","9d","9e","82","83","84","85","86","87","88","89","8a","8b","8c","8d","8e","8f","90","91","92","93","94","95","f9" enum optional
|
|
text "
|
|
9a is for PIV Authentication
|
|
9c is for Digital Signature (PIN always checked)
|
|
9d is for Key Management
|
|
9e is for Card Authentication (PIN never checked)
|
|
82-95 is for Retired Key Management
|
|
f9 is for Attestation\n"
|
|
option "algorithm" A "What algorithm to use" values="RSA1024","RSA2048","ECCP256","ECCP384" enum optional default="RSA2048"
|
|
option "hash" H "Hash to use for signatures" values="SHA1","SHA256","SHA384","SHA512" enum optional default="SHA256"
|
|
option "new-key" n "New management key to use for action set-mgm-key, if omitted key will be asked for" string optional
|
|
option "pin-retries" - "Number of retries before the pin code is blocked" int optional dependon="puk-retries"
|
|
option "puk-retries" - "Number of retries before the puk code is blocked" int optional dependon="pin-retries"
|
|
option "input" i "Filename to use as input, - for stdin" string optional default="-"
|
|
option "output" o "Filename to use as output, - for stdout" string optional default="-"
|
|
option "key-format" K "Format of the key being read/written" values="PEM","PKCS12","GZIP","DER","SSH" enum optional default="PEM"
|
|
option "password" p "Password for decryption of private key file, if omitted password will be asked for" string optional
|
|
option "subject" S "The subject to use for certificate request" string optional
|
|
text "
|
|
The subject must be written as:
|
|
/CN=host.example.com/OU=test/O=example.com/\n"
|
|
option "serial" - "Serial number of the self-signed certificate" int optional
|
|
option "valid-days" - "Time (in days) until the self-signed certificate expires" int optional default="365"
|
|
option "pin" P "Pin/puk code for verification, if omitted pin/puk will be asked for" string optional
|
|
option "new-pin" N "New pin/puk code for changing, if omitted pin/puk will be asked for" string optional dependon="pin"
|
|
option "pin-policy" - "Set pin policy for action generate or import-key. Only available on YubiKey 4" values="never","once","always" enum optional
|
|
option "touch-policy" - "Set touch policy for action generate, import-key or set-mgm-key. Only available on YubiKey 4" values="never","always","cached" enum optional
|
|
option "id" - "Id of object for write/read object" int optional
|
|
option "format" f "Format of data for write/read object" values="hex","base64","binary" enum optional default="hex"
|
|
option "sign" - "Sign data" flag off hidden
|
|
option "stdin-input" - "Read sensitive values from stdin" flag off hidden
|