info

Manage the PIV Application.

ykman piv COMMAND ARGS

Command

Description

access

Manage PIN, PUK and Management Key.

certificates

Manage certificates.

info

Display general status of the PIV application.

keys

Manage private keys.

objects

Manage PIV data objects.

reset

Reset all PIV data.

Options

Description

-h, --help

Show this message and exit.

❊ Examples

LIST HELP

ykman piv -h


  info          Display general status of the PIV application.
  reset         Reset all PIV data.
  access        Manage PIN, PUK, and Management Key.
  certificates  Manage certificates.
  keys          Manage private keys.
  objects       Manage PIV data objects.

ykman piv access -h


  change-management-key  Change the management key.
  change-pin             Change the PIN code.
  change-puk             Change the PUK code.
  set-retries            Set the number of PIN and PUK retry attempts.
  unblock-pin            Unblock the PIN (using PUK).

ykman piv certificates -h


  delete    Delete a certificate.
  export    Export an X.509 certificate.
  generate  Generate a self-signed X.509 certificate.
  import    Import an X.509 certificate.
  request   Generate a Certificate Signing Request (CSR).

ykman piv info -h


  -h, --help  Show this message and exit.

ykman piv keys -h


  attest    Generate an attestation certificate for a key pair.
  export    Export a public key corresponding to a stored private key.
  generate  Generate an asymmetric key pair.
  import    Import a private key from file.

ykman piv objects -h


  export    Export an arbitrary PIV data object.
  generate  Generate and write data for a supported data object.
  import    Write an arbitrary PIV object.

ykman piv reset -h


  -f, --force  Confirm the action without prompting.
  -h, --help   Show this message and exit.

PIV INFO

ykman piv info

PIV version: 5.4.3
PIN tries remaining: 5/5
Management key algorithm: AES256
CHUID:  2214d7e739db29ced57ab252a256725678234567812a12345a1aa123456aa123456a123a14342d658bece768a123456789123456789123a11aa01
CCC:    No data available.

RESET PIV INTERFACE

ykman piv reset

WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]:

Change the PIN from 123456 to 654321:

ykman piv access change-pin

ykman piv access change-pin --pin 123456 --new-pin 654321

Generate an ECC P-256 private key and a self-signed certificate in slot 9a:

ykman piv keys generate --algorithm ECCP256 9a pubkey.pem

ykman piv certificates generate --subject "yubico" 9a pubkey.pem

PreviousWith XCA Nextreset

Last updated 2 years ago

Was this helpful?

info

Manage the PIV Application.

ykman piv COMMAND ARGS

Command

Description

access

Manage PIN, PUK and Management Key.

certificates

Manage certificates.

info

Display general status of the PIV application.

keys

Manage private keys.

objects

Manage PIV data objects.

reset

Reset all PIV data.

Options

Description

-h, --help

Show this message and exit.

❊ Examples

LIST HELP

ykman piv -h


  info          Display general status of the PIV application.
  reset         Reset all PIV data.
  access        Manage PIN, PUK, and Management Key.
  certificates  Manage certificates.
  keys          Manage private keys.
  objects       Manage PIV data objects.

ykman piv access -h


  change-management-key  Change the management key.
  change-pin             Change the PIN code.
  change-puk             Change the PUK code.
  set-retries            Set the number of PIN and PUK retry attempts.
  unblock-pin            Unblock the PIN (using PUK).

ykman piv certificates -h


  delete    Delete a certificate.
  export    Export an X.509 certificate.
  generate  Generate a self-signed X.509 certificate.
  import    Import an X.509 certificate.
  request   Generate a Certificate Signing Request (CSR).

ykman piv info -h


  -h, --help  Show this message and exit.

ykman piv keys -h


  attest    Generate an attestation certificate for a key pair.
  export    Export a public key corresponding to a stored private key.
  generate  Generate an asymmetric key pair.
  import    Import a private key from file.

ykman piv objects -h


  export    Export an arbitrary PIV data object.
  generate  Generate and write data for a supported data object.
  import    Write an arbitrary PIV object.

ykman piv reset -h


  -f, --force  Confirm the action without prompting.
  -h, --help   Show this message and exit.

PIV INFO

ykman piv info

PIV version: 5.4.3
PIN tries remaining: 5/5
Management key algorithm: AES256
CHUID:  2214d7e739db29ced57ab252a256725678234567812a12345a1aa123456aa123456a123a14342d658bece768a123456789123456789123a11aa01
CCC:    No data available.

RESET PIV INTERFACE

ykman piv reset

WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]:

Change the PIN from 123456 to 654321:

ykman piv access change-pin

ykman piv access change-pin --pin 123456 --new-pin 654321

Generate an ECC P-256 private key and a self-signed certificate in slot 9a:

ykman piv keys generate --algorithm ECCP256 9a pubkey.pem

ykman piv certificates generate --subject "yubico" 9a pubkey.pem

PreviousWith XCA Nextreset

Last updated 2 years ago

Was this helpful?