@usmansaleem
Created September 29, 2020 08:29
YubiHSM Shell batch mode - Opaque data
  • Total objects that can be stored = 256
  • Object ID (in hex) between 0000 and ffff

Add new authentication key (id: 3) for opaque data management

> ./yubihsm-shell --connector=http://localhost:12345 --authkey=1 \
--action=put-authentication-key --new-password=password3 --object-id=3 --domains=1,2,3 \
--capabilities=get-opaque,put-opaque,delete-opaque,export-wrapped,get-pseudo-random,put-wrap-key,import-wrapped \
--delegated=exportable-under-wrap,export-wrapped,import-wrapped

Put Opaque Data (using auth key id 3, opaque object id 15)

> ./yubihsm-shell --connector=http://localhost:12345 --authkey=3 --action=put-opaque \
--object-id=15 --label="bls_key_4" --domains=1,2,3 \
--algorithm=opaque-data --capabilities=none \
--informat=hex --in=5e8d5667ce78982a07242739ab03dc63c91e830c80a5b6adca777e3f216a405d
Enter password:
Created session 1
Stored Opaque object 0x000f

Get Opaque Data command:

> ./yubihsm-shell --connector=http://localhost:12345 --authkey=1 --action=get-opaque --object-id=15 --outformat=hex
Session keepalive set up to run every 15 seconds
Enter password:
Created session 0
5e8d5667ce78982a07242739ab03dc63c91e830c80a5b6adca777e3f216a405d
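
The put/get sequence above as a round-trip check (an added example, not part of the original gist): it stores a hex payload with put-opaque, reads it back with get-opaque and compares the two, using only the flags shown above. The function names and the YUBIHSM_SHELL and CONNECTOR variables are assumptions, and the readback value is assumed to appear on its own line as in the transcript above.

```shell
#!/bin/sh
# Added example: store a hex secret as an opaque object, read it back, compare.
# YUBIHSM_SHELL and CONNECTOR are assumed names; override them for your setup.
YUBIHSM_SHELL="${YUBIHSM_SHELL:-./yubihsm-shell}"
CONNECTOR="${CONNECTOR:-http://localhost:12345}"

# is_hex_bytes HEX: succeed only for a non-empty, even-length hex string.
is_hex_bytes() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ]
}

# format_object_id N: print a decimal id the way the tool reports it (15 -> 0x000f).
format_object_id() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;   # digits only; a leading 0 would parse as octal
    esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ] || return 1
    printf '0x%04x\n' "$1"
}

# extract_hex: keep the last line of tool output that is pure hex, lowercased.
# Status lines such as "Created session 0" contain other characters and are dropped.
extract_hex() {
    grep -E '^[0-9a-fA-F]+$' | tail -n 1 | tr 'A-F' 'a-f'
}

# roundtrip_opaque AUTHKEY OBJECT_ID LABEL HEX: put-opaque, get-opaque, compare.
# The payload goes on the command line, as above, so the process list shows it.
roundtrip_opaque() {
    authkey=$1 id=$2 label=$3 hex=$4
    is_hex_bytes "$hex" || { echo "payload is not whole hex bytes" >&2; return 2; }
    shown=$(format_object_id "$id") || { echo "object id out of range" >&2; return 2; }
    "$YUBIHSM_SHELL" --connector="$CONNECTOR" --authkey="$authkey" \
        --action=put-opaque --object-id="$id" --label="$label" --domains=1,2,3 \
        --algorithm=opaque-data --capabilities=none \
        --informat=hex --in="$hex" >/dev/null || return 1
    got=$("$YUBIHSM_SHELL" --connector="$CONNECTOR" --authkey="$authkey" \
        --action=get-opaque --object-id="$id" --outformat=hex | extract_hex)
    want=$(printf '%s' "$hex" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "readback mismatch for $shown" >&2; return 1; }
    echo "verified $shown"
}

# Usage: sh roundtrip.sh 3 15 bls_key_4 <hex payload>
if [ $# -eq 4 ]; then roundtrip_opaque "$@"; fi
```

Each invocation prompts for the auth key password, so a run asks for it twice.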