⭕info

Manage the PIV Application.

ykman piv COMMAND ARGS

Command	Description
access	Manage PIN, PUK and Management Key.
certificates	Manage certificates.
info	Display general status of the PIV application.
keys	Manage private keys.
objects	Manage PIV data objects.
reset	Reset all PIV data.

Options	Description
-h, --help	Show this message and exit.

❊ Examples

LIST HELP

base

ykman piv -h


  info          Display general status of the PIV application.
  reset         Reset all PIV data.
  access        Manage PIN, PUK, and Management Key.
  certificates  Manage certificates.
  keys          Manage private keys.
  objects       Manage PIV data objects.

access

ykman piv access -h


  change-management-key  Change the management key.
  change-pin             Change the PIN code.
  change-puk             Change the PUK code.
  set-retries            Set the number of PIN and PUK retry attempts.
  unblock-pin            Unblock the PIN (using PUK).

certificates

ykman piv certificates -h


  delete    Delete a certificate.
  export    Export an X.509 certificate.
  generate  Generate a self-signed X.509 certificate.
  import    Import an X.509 certificate.
  request   Generate a Certificate Signing Request (CSR).

info

ykman piv info -h


  -h, --help  Show this message and exit.

keys

ykman piv keys -h


  attest    Generate an attestation certificate for a key pair.
  export    Export a public key corresponding to a stored private key.
  generate  Generate an asymmetric key pair.
  import    Import a private key from file.

objects

ykman piv objects -h


  export    Export an arbitrary PIV data object.
  generate  Generate and write data for a supported data object.
  import    Write an arbitrary PIV object.

reset

ykman piv reset -h


  -f, --force  Confirm the action without prompting.
  -h, --help   Show this message and exit.

PIV INFO

Command

ykman piv info

Output

PIV version: 5.4.3
PIN tries remaining: 5/5
Management key algorithm: AES256
CHUID:  2214d7e739db29ced57ab252a256725678234567812a12345a1aa123456aa123456a123a14342d658bece768a123456789123456789123a11aa01
CCC:    No data available.

RESET PIV INTERFACE

Command

ykman piv reset

Output

WARNING! This will delete all stored PIV data and restore factory settings. Proceed? [y/N]:

Change the PIN from 123456 to 654321:

Command (Define)

ykman piv access change-pin

Command (Dialog)

ykman piv access change-pin --pin 123456 --new-pin 654321

Generate an ECC P-256 private key and a self-signed certificate in slot 9a:

Generate Key

ykman piv keys generate --algorithm ECCP256 9a pubkey.pem

Generate Certificate

ykman piv certificates generate --subject "yubico" 9a pubkey.pem