GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
YUBICO-PIV-TOOL(1) User Commands YUBICO-PIV-TOOL(1)

yubico-piv-tool - Tool for managing Personal Identity Verification credentials on Yubikeys

yubico-piv-tool [OPTION]...

Print help and exit
Print help, including hidden options, and exit
Print version and exit
Print more information (default=`0')
Only use a matching reader (default=`Yubikey')
Management key to use, if no value is specified key will be asked for (default=`010203040506070801020304050607080102030405060708')
Action to take (possible values="version", "generate", "set-mgm-key", "reset", "pin-retries", "import-key", "import-certificate", "set-chuid", "request-certificate", "verify-pin", "verify-bio", "change-pin", "change-puk", "unblock-pin", "selfsign-certificate", "delete-certificate", "read-certificate", "status", "test-signature", "test-decipher", "list-readers", "set-ccc", "write-object", "read-object", "attest", "move-key", "delete-key")
Multiple actions may be given at once and will be executed in order for example --action=verify-pin --action=request-certificate
What key slot to operate on (possible values="9a", "9c", "9d", "9e", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f", "90", "91", "92", "93", "94", "95", "f9")
9a is for PIV Authentication 9c is for Digital Signature (PIN always checked) 9d is for Key Management 9e is for Card Authentication (PIN never checked) 82-95 is for Retired Key Management f9 is for Attestation
What slot to move an existing key to (possible values="9a", "9c", "9d", "9e", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f", "90", "91", "92", "93", "94", "95", "f9")
9a is for PIV Authentication 9c is for Digital Signature (PIN always checked) 9d is for Key Management 9e is for Card Authentication (PIN never checked) 82-95 is for Retired Key Management f9 is for Attestation
What algorithm to use (possible values="RSA1024", "RSA2048", "RSA3072", "RSA4096", "ECCP256", "ECCP384", "ED25519", "X25519" default=`RSA2048')
Hash to use for signatures (possible values="SHA1", "SHA256", "SHA384", "SHA512" default=`SHA256')
New management key to use for action set-mgm-key, if omitted key will be asked for
Number of retries before the pin code is blocked
Number of retries before the puk code is blocked
Filename to use as input, - for stdin (default=`-')
Filename to use as output, - for stdout (default=`-')
Format of the key being read/written (possible values="PEM", "PKCS12", "GZIP", "DER", "SSH" default=`PEM')
Compress a large certificate using GZIP before import (default=off)
Reset the whole device over all applications (default=off)
Password for decryption of private key file, if omitted password will be asked for
The subject to use for certificate request
The subject must be written as: /CN=host.example.com/OU=test/O=example.com/
Serial number of the self-signed certificate
Time (in days) until the self-signed certificate expires (default=`365')
Pin/puk code for verification, if omitted pin/puk will be asked for
New pin/puk code for changing, if omitted pin/puk will be asked for
Set pin policy for action generate or import-key. Only available on YubiKey 4 or newer (possible values="never", "once", "always", "matchonce", "matchalways")
Set touch policy for action generate, import-key or set-mgm-key. Only available on YubiKey 4 or newer (possible values="never", "always", "cached")
Id of object for write/read object
Format of data for write/read object (possible values="hex", "base64", "binary" default=`hex')
Add attestation cross-signature (default=off)
New management key algorithm to use for action set-mgm-key (possible values="TDES", "AES128", "AES192", "AES256" default=`TDES')
Use encrypted communication as specified by Secure Channel Protocol 11 (SCP11b) (default=off)
July 2025 yubico-piv-tool 2.7.1
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.