This is the command yhsm-generate-keys that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
yhsm-generate-keys ‐ Generate AEADs with secrets for YubiKeys using a YubiHSM
SYNOPSIS
yhsm-generate-keys --key-handles KEY_HANDLES --start-public-id START_ID [options]
DESCRIPTION
With this tool, a YubiHSM can generate random secrets (using it's internal true random
number generator), and these secrets protected in AEAD files can be stored on the host
computer.
The AEADs will be ready to be used by for example yhsm-yubikey-ksm(1) ), as a part of a
YubiKey OTP validation service.
To program YubiKeys with the generated secrets, it is possible to decrypt the AEADs
(knowledge of the AES key used inside the YubiHSM is required) using yhsm-decrypt-aead(1)
OPTIONS
-D, --device
Device file name (default: /dev/ttyACM0).
-v, --verbose
Enable verbose operation.
--debug
Enable debug printout, including all data sent to/from YubiHSM.
-O dir Base output directory (default: /var/cache/yubikey-ksm/aeads).
-c integer
Number of AEADs to generate.
--public-id-chars integer
Number of chars in generated public ids (default: 12). Changing this might not work
well.
--key-handles kh [kh ...]
Key handles to encrypt the generated secrets with. Examples : "1", "0xabcd".
--start-public-id id
Public id of the first generated secret, in modhex.
--random-nonce
Use random nonce generated from YubiHSM.
EXIT STATUS
0 Secrets generated successfully.
1 Failed to generate secrets.
Use yhsm-generate-keys online using onworks.net services
