Provided by: yhsm-yubikey-ksm_1.0.4l-1_all bug

NAME

       yhsm-yubikey-ksm ‐ Decrypt YubiKey OTPs using an attached YubiHSM

SYNOPSIS

       yhsm-yubikey-ksm --key-handles ...  [options]

DESCRIPTION

       This is a small network server with a REST-like API that decodes YubiKey OTPs.

       It  can  be used as a decryption backend (Key Storage Module) to a validation service such
       as the YubiCloud.

       The AES keys of the YubiKeys must be present as AEAD files  decryptable  to  the  attached
       YubiHSM. Such AEADs can for example be created using yhsm-import-keys(1).

       Note  that  this daemon is single threaded ‐ it will only handle a single request at once.
       A request timeout is therefor most important.

OPTIONS

       -D, --device
              device file name (default: /dev/ttyACM0)

       -v, --verbose
              enable verbose operation

       --debug
              enable debug printout, including all data sent to/from YubiHSM

       -U, --serve-url base
              base of URL for decrypt web service (default: /yhsm/validate?)

       -S, --stats-url url
              URL where some basic statistics about operations since start can be collected

       --port num
              port to listen on (default: 8002)

       --addr addr
              address to bind to (default: 127.0.0.1)

       --key-handles kh, --key-handle kh
              key handles to use for decoding OTPs. Examples : "1", "0xabcd".

       --aead-dir dir, -B dir
              base directory for AEADs (default: /var/cache/yubikey-ksm/aeads)

       --reqtimeout num
              number of seconds before a request times out (default: 5)

       --pid-file fn
              write process id of server to this file

BUGS

       Report python-pyhsm/yhsm-yubikey-ksm bugs in the issue tracker ⟨https://github.com/Yubico/
       python-pyhsm/issues/⟩

SEE ALSO

       The home page ⟨https://developers.yubico.com/python-pyhsm/⟩

       YubiHSMs can be obtained from Yubico ⟨http://www.yubico.com/⟩.