yhsm-decrypt-aead(1) Decrypt AEADs (with secrets for YubiKeys)


yhsm-decrypt-aead [options] --aes-key KEY file-or-dir [...]


Decrypt AEADs generated using a YubiHSM. NOTE that this requires knowledge of the AES key used in the YubiHSM.

After a number of YubiKey secrets have been generated using yhsm-generate-keys(1) , this tool can decrypt them and produce a CSV file usable to personalize corresponding YubiKeys.


-v, --verbose
Enable verbose operation.
Enable debug printout.
--format str
Select output format (raw or yubikey-csv).
Prefix any output with the input filename.
--key-handle kh
Key handle used when generated AEADs, if not stored in the AEAD file (AEAD generated with python-pyhsm 1.0.3 or lower).
--aes-key hexstr
AES key used to generate the AEADs.


Report python-pyhsm/yhsm-decrypt-aead bugs in the issue tracker <URL: https://github.com/Yubico/python-pyhsm/issues/ >