Provided by: yhsm-yubikey-ksm_1.2.1-1_all bug


       yhsm-import-keys ‐ import YubiKey secrets to YubiHSM


       yhsm-import-keys --key-handles ...  [options]


       Read  YubiKey  token  data  from  standard  input, and store it in files or in the YubiHSM
       internal database.

       The default mode is to turn each YubiKey secret into  an  AEAD  (Authenticated  Encryption
       with  Associated  Data)  block that is stored in a file on the host computer (one file per
       YubiKey). This enables validation of virtually unlimited numbers of YubiKey's OTPs.

       If --internal-db is used, the YubiKey secret  will  be  stored  inside  the  YubiHSM,  and
       complete  validation  (including  counter management) will be done inside the YubiHSM. The
       internal database is currently limited to 1024 entries.


       -D, --device
              device file name (default: /dev/ttyACM0)

       -v, --verbose
              enable verbose operation

              enable debug printout, including all data sent to/from YubiHSM

       --public_id_chars num
              number of chars to pad public id to (default: 12)

       --key-handles kh
              key handles to use for decoding OTPs. Examples : "1", "0xabcd"

       --output-dir dir, --aead-dir dir, -O dir
              base directory for AEADs (default: /var/cache/yubikey-ksm/aeads)

              add entries to YubiHSM internal database, rather than creating AEAD files

              use random nonce generated from YubiHSM


       The format of the input matches the export format of various Yubico tools, notably the PHP
       based soft KSM ⟨⟩.

       An example file, with a single entry for id 4711 would be :

           # ykksm 1

       (seqno, public id, private uid, AES key, dunno,,,)

       The #ykksm 1 is a file marker, and has to be on the very first line of input.


       Report python-pyhsm/yhsm-import-keys bugs in the issue tracker ⟨


       The home page ⟨⟩

       YubiHSMs can be obtained from Yubico ⟨⟩.