.\" Copyright (c) 2011 Yubico AB
.\" See the file COPYING for license statement.
.\"
.de URL
\\$2 \(laURL: \\$1 \(ra\\$3
..
.if \n[.g] .mso www.tmac
.TH yhsm-yubikey-ksm "1" "December 2011" "python-pyhsm"

.SH NAME
yhsm-yubikey-ksm \(hy Decrypt YubiKey OTPs using an attached YubiHSM

.SH SYNOPSIS
.B yhsm-yubikey-ksm \fI--key-handles\fR ...
[\fIoptions\fR]

.SH DESCRIPTION
This is a small network server with a REST-like API that decodes YubiKey OTPs.

It can be used as a decryption backend (Key Storage Module) to a validation service
such as the YubiCloud.

The AES keys of the YubiKeys must be present as AEAD files decryptable
to the attached YubiHSM. Such AEADs can for example be created using \fIyhsm-import-keys\fR\|(1).

Note that this daemon is single threaded \(hy it will only handle a single request at once.
A request timeout is therefor most important.

.SH OPTIONS
.PP
.TP
\fB\-D\fR, \fB\-\-device\fR
device file name (default: /dev/ttyACM0)
.TP
\fB\-v\fR, \fB\-\-verbose\fR
enable verbose operation
.TP
\fB\-\-debug\fR
enable debug printout, including all data sent to/from YubiHSM
.TP
\fB\-\-U\fR, \fB\-\-serve-url\fR base
base of URL for decrypt web service (default: /yhsm/validate?)
.TP
\fB\-\-port\fR num
port to listen on (default: 8002)
.TP
\fB\-\-addr\fR addr
address to bind to (default: 127.0.0.1)
.TP
\fB\-\-key-handles\fR kh, \fB\-\-key-handle\fR kh
key handles to use for decoding OTPs. Examples : "1", "0xabcd".
.TP
\fB\-\-aead-dir\fR dir, \fB\-B\fR dir
base directory for AEADs (default: /var/cache/yubikey-ksm/aeads)
.TP
\fB\-\-reqtimeout\fR num
number of seconds before a request times out (default: 5)
.TP
\fB\-\-pid-file\fR fn
write process id of server to this file

.SH "BUGS"
Report python-pyhsm/yhsm-yubikey-ksm bugs in
.URL "https://github.com/Yubico/python-pyhsm/issues/" "the issue tracker"

.SH "SEE ALSO"
The
.URL "https://github.com/Yubico/python-pyhsm/" "python-yubico home page"
.PP
YubiHSMs can be obtained from
.URL "http://www.yubico.com/" "Yubico" "."