Comments (5)
The verbosity is a set of bit flags, where YH_VERB_QUIET sets none and YH_VERB_ALL sets all flags. See their definitions in yubihsm.h around line 130.
Regarding cert and key, yes the curl backend now supports client certificate and key, if requested / required by the server. yubihsm-connector doesn't support this directly yet, so something like a reverse proxy would be needed on that side. Also, the winhttp backend (on Windows) doesn't support it yet. This authentication is strictly on the https level, so it has nothing to do with the yubihsm. It is more of a way to disallow unauthorized access to the connector.
from yubihsm-shell.
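The reverse-proxy arrangement mentioned in the comment above, sketched as an nginx server block that only forwards requests from clients presenting a certificate signed by a chosen CA. This is an added example, not part of the thread or of the yubihsm-shell project. The server name, port 8443 and all file paths are placeholders, and the connector address assumes yubihsm-connector is listening on loopback at 127.0.0.1:12345.

```nginx
# Added example: nginx terminating TLS in front of yubihsm-connector and
# requiring a client certificate. Names, port and paths are placeholders.
server {
    listen 8443 ssl;
    server_name connector.example.internal;

    # Server identity. The issuer of this certificate is what the client
    # side has to trust through its cacert option.
    ssl_certificate     /etc/nginx/tls/connector-proxy.crt;
    ssl_certificate_key /etc/nginx/tls/connector-proxy.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Mutual TLS: the handshake must include a client certificate that
    # chains to this CA. The client side supplies it through its cert
    # and key options.
    ssl_client_certificate /etc/nginx/tls/hsm-clients-ca.crt;
    ssl_verify_client      on;  # "optional" only requests a cert, it does not require one
    ssl_verify_depth       2;

    location / {
        # Assumption: the connector is bound to loopback only, so the
        # proxy is the sole network path to it.
        proxy_pass http://127.0.0.1:12345;
    }
}
```

As the comment says, this check happens at the HTTPS layer only; opening a session on the YubiHSM still requires its own authentication key.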
That config file is for the pkcs#11 module, the shell uses a different format. The config file for the shell simply allows you to specify the same options you would from the command line. It uses the gengetopt function cmdline_parser_config_file to implement this. Note that only command line options can be used, the interactive commands are not supported.
from yubihsm-shell.
Well, config file for yubihsm-shell clearly understands connector and cacert statements. From the old days, I seem to recall that it used to understand debug - because I used it...
What's the format of the yubihsm-shell configuration file, and what commands (and in what format) can I place there? I think this is a must for the docs.
from yubihsm-shell.
The supported options are the same as the command line 'long options' i.e. the ones with a double dash. You can see them in the source file src/cmdline.ggo or from the help given by yubihsm-shell -h. In the file they should be given without the double dashes. 'connector' and 'cacert' options (but not 'debug', use 'verbose' instead) are indeed supported by yubihsm-shell, but that's just because the options overlap. I agree it should be documented, will forward this.
from yubihsm-shell.
@qpernil thanks.
- What are the allowed values for verbose=INT, and what would they mean (i.e., what info would I get for each of those values)?
- cert=STRING and key=STRING - do these options allow the client to authenticate to the connector via certificate? Prior to authenticating to the HSM2 via opening session? If so - how do I force the connector to accept only mutually-authenticated connections?
from yubihsm-shell.