How to use the command ykman (with examples)
The ykman command is used to configure YubiKeys. It allows you to manage various applications on your YubiKey, such as FIDO, OATH, and OpenPGP. Additionally, it provides information about your YubiKey, including the serial number, firmware version, and capabilities.
Use case 1: Display general information about a YubiKey
Code:
ykman info
Motivation: You may want to retrieve general information about your YubiKey, such as its serial number, firmware version, and capabilities. This can be useful for troubleshooting purposes or verifying the authenticity of the YubiKey.
Explanation: This command provides an overview of the connected YubiKey and its capabilities. It displays information like the serial number, firmware version, touch level, enabled features, supported interfaces, and supported applications.
Example output:
Serial number: 12345678
Firmware version: 5.4.3
Touch level: 1
Enabled features: FIDO2, OTP, U2F, CCID
Supported interfaces: USB
Supported applications: FIDO2
Use case 2: List connected YubiKeys with short descriptions
Code:
ykman list
Motivation: If you have multiple YubiKeys connected to your device, it can be useful to quickly identify them by their serial numbers. This command provides a one-line summary of the connected YubiKeys, including their serial numbers.
Explanation: The ykman list command lists all the connected YubiKeys with their respective serial numbers. It displays a short, one-line description of each YubiKey, making it easier to identify and select the desired YubiKey for further configuration.
Example output:
12345678: YubiKey 5 NFC
98765432: YubiKey NEO
Use case 3: View documentation for enabling and disabling applications
Code:
tldr ykman config
Motivation: If you want to learn more about how to enable or disable applications on your YubiKey, this command provides a concise and easy-to-understand summary of the necessary steps. It is especially useful for users who are new to YubiKeys or need a quick reference guide.
Explanation: The tldr ykman config command displays a brief documentation summary for enabling and disabling applications on your YubiKey. It provides an overview of the available configuration options and the corresponding commands to manage the applications.
Example output:
ykman config enable <application> - Enable a specific application
ykman config disable <application> - Disable a specific application
Use case 4: View documentation for managing the FIDO applications
Code:
tldr ykman fido
Motivation: If you want to learn more about managing the FIDO applications on your YubiKey, this command provides a concise and easy-to-understand summary of the necessary steps. It helps you understand how to use the YubiKey for FIDO-based authentication and authorization.
Explanation: The tldr ykman fido command displays a brief documentation summary for managing the FIDO applications on your YubiKey. It provides an overview of the available commands and their functionality, including registering or deleting FIDO credentials.
Example output:
ykman fido reset - Reset the FIDO application settings
ykman fido list - List registered FIDO credentials
ykman fido delete <credential_id> - Delete a specific FIDO credential
Use case 5: View documentation for managing the OATH application
Code:
tldr ykman oath
Motivation: If you want to learn more about managing the OATH application on your YubiKey, this command provides a concise and easy-to-understand summary of the necessary steps. It helps you understand how to use the YubiKey for generating one-time passwords (OTP) and managing OATH credentials.
Explanation: The tldr ykman oath command displays a brief documentation summary for managing the OATH application on your YubiKey. It provides an overview of the available commands and their functionality, such as adding, listing, or deleting OATH credentials.
Example output:
ykman oath add [options] <credential> - Add an OATH credential
ykman oath list - List registered OATH credentials
ykman oath delete <credential_id> - Delete a specific OATH credential
Use case 6: View documentation for managing the OpenPGP application
Code:
tldr ykman openpgp
Motivation: If you want to learn more about managing the OpenPGP application on your YubiKey, this command provides a concise and easy-to-understand summary of the necessary steps. It helps you understand how to use the YubiKey for OpenPGP-based operations like encryption, signing, and authentication.
Explanation: The tldr ykman openpgp command displays a brief documentation summary for managing the OpenPGP application on your YubiKey. It provides an overview of the available commands and their functionality, such as generating a key pair, importing keys, and changing PINs.
Example output:
ykman openpgp generate - Generate an OpenPGP key pair
ykman openpgp import <key_file> - Import an OpenPGP key
ykman openpgp change-pin - Change the PIN for the OpenPGP application
Conclusion:
The ykman command is a powerful tool for configuring and managing YubiKeys. From retrieving general information about your YubiKey to enabling and disabling applications, this command provides a range of functionalities. Additionally, the tldr subcommand offers concise documentation summaries for various tasks related to FIDO, OATH, and OpenPGP applications. With the ykman command, you can efficiently manage and utilize the capabilities of your YubiKey.
