Provided by: yhsm-tools_1.0.4l-1_all

NAME

       yhsm-keystore-unlock ‐ Unlock the keystore in a YubiHSM

SYNOPSIS

       yhsm-keystore-unlock [options]

DESCRIPTION

       In versions of the YubiHSM before 1.0, the YubiHSM could be protected using a 'HSM password'. The YubiHSM
       would unlock its cryptographic functions if the correct password was given, but it was a simple
       comparison test.

       In YubiHSM 1.0, the password was changed into an actual key that was used to decrypt the contents of  the
       YubiHSM  internal  key  store, which was then AES-256 encrypted using the new 'Master key' when stored in
       the device.

       In YubiHSM 1.0, the option to also require a YubiKey OTP to unlock the keystore was added. One or
       more 'Admin YubiKeys' can be configured in the YubiHSM, and an OTP from one of these must also be
       provided before the YubiHSM will enable its cryptographic functions.

       The OTP is only validated against the non-encrypted internal database (not the key store) in the
       YubiHSM. Still, together with a 'Master key' that is not stored on the server with the YubiHSM, it
       provides enhanced security by being a second factor that an attacker can't just intercept even if the
       server is compromised.

OPTIONS

       -D, --device
              device file name (default: /dev/ttyACM0).

       -v, --verbose
              enable verbose operation.

       --debug
              enable debug printout, including all data sent to/from YubiHSM.

       --no-otp
              skip  the  prompt  for  an  OTP. For use by scripts where no OTP is required and the Master Key is
              stored on the server with the YubiHSM.

       --stdin
              read password and/or OTP from stdin rather than prompting for them. Python prompts do not
              accept piped input, so this option has to be used to unlock the YubiHSM from a script, for
              example.

EXIT STATUS

       0   YubiHSM keystore successfully unlocked.

       1   Failed to unlock keystore.
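
EXAMPLES

       The wrapper below is an added example, not part of yhsm-tools or python-pyhsm. It shows a scripted
       unlock with --no-otp and --stdin that checks the documented exit status. The key file argument, the
       YHSM_UNLOCK variable and the one-line stdin format are assumptions.

```shell
#!/bin/sh
# Added example, not part of yhsm-tools.
# Assumptions: the key file path is hypothetical, and --stdin is assumed to
# read the master key as a single newline-terminated line.

# Hypothetical override so the wrapper can be pointed at another binary.
YHSM_UNLOCK=${YHSM_UNLOCK:-yhsm-keystore-unlock}

# unlock_keystore KEYFILE [DEVICE]
# Returns 0 when unlocked, 1 when the tool reports failure,
# 2 when the key file is missing or its permissions are too open.
unlock_keystore() {
    keyfile=$1
    device=${2:-/dev/ttyACM0}   # default device from the man page

    if [ ! -f "$keyfile" ] || [ ! -r "$keyfile" ]; then
        echo "unlock: cannot read key file $keyfile" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # With --no-otp the key file is the only factor, so refuse to use it
    # when anyone but the owner has access.
    mode=$(ls -ld "$keyfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "unlock: $keyfile is accessible to group/other, refusing" >&2
        return 2
    fi

    # Feed the key on stdin so it never appears in argv or the environment.
    # --debug is deliberately omitted: it prints all data sent to the YubiHSM.
    if "$YHSM_UNLOCK" -D "$device" --no-otp --stdin < "$keyfile"; then
        echo "unlock: keystore unlocked on $device" >&2
        return 0
    fi
    echo "unlock: failed to unlock keystore on $device" >&2
    return 1
}
```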

BUGS

       Report python-pyhsm/yhsm-keystore-unlock bugs in the issue tracker ⟨https://github.com/Yubico/python-pyhsm/issues/⟩

SEE ALSO

       The home page ⟨https://developers.yubico.com/python-pyhsm/⟩

       YubiHSMs can be obtained from Yubico ⟨http://www.yubico.com/⟩.

python-pyhsm                                      December 2011                          yhsm-keystore-unlock(1)