I got a working sequence of commands within yubihsm-shell, but cannot get the same result when calling the shell non-interactively from the command line.
In the shell I got:
yubihsm> connect
yubihsm> session open 2 MyPassword
yubihsm> set informat base64
yubihsm> set outformat hex
yubihsm> decrypt oaep 0 0x1ddd rsa-oaep-sha1 wrapped_ephemeral.txt
On the command line I currently have this (unfortunately I need to be on Windows for that, hence the cmd syntax):
set YUBISHELL="c:\Program Files\Yubico\YubiHSM Shell\bin\yubihsm-shell.exe"
type wrapped_ephemeral.txt | %YUBISHELL% ^
--authkey=2 ^
--password=MyPassword ^
--algorithm=rsa-oaep-sha1 ^
--informat=base64 ^
--outformat=hex ^
--object-id=7645 ^
--action=decrypt-oaep
All I get is
Session keepalive set up to run every 15 seconds
Created session 0
Command not implemented: Generic error
However, connecting and authenticating work ...
%YUBISHELL% ^
--authkey=2 ^
--password=MyPassword ^
--action=get-device-info
... as I get this
Using default connector URL: http://127.0.0.1:12345
Session keepalive set up to run every 15 seconds
Version number: 2.2.0
Serial number: ........
Log used: 62/62
Supported algorithms: rsa-pkcs1-sha1, rsa-pkcs1-sha256, rsa-pkcs1-sha384,
rsa-pkcs1-sha512, rsa-pss-sha1, rsa-pss-sha256,
rsa-pss-sha384, rsa-pss-sha512, rsa2048,
rsa3072, rsa4096, ecp256,
ecp384, ecp521, eck256,
ecbp256, ecbp384, ecbp512,
hmac-sha1, hmac-sha256, hmac-sha384,
hmac-sha512, ecdsa-sha1, ecdh,
rsa-oaep-sha1, rsa-oaep-sha256, rsa-oaep-sha384,
rsa-oaep-sha512, aes128-ccm-wrap, opaque-data,
opaque-x509-certificate, mgf1-sha1, mgf1-sha256,
mgf1-sha384, mgf1-sha512, template-ssh,
aes128-yubico-otp, aes128-yubico-authentication, aes192-yubico-otp,
aes256-yubico-otp, aes192-ccm-wrap, aes256-ccm-wrap,
ecdsa-sha256, ecdsa-sha384, ecdsa-sha512,
ed25519, ecp224, rsa-pkcs1-decrypt,
The error message "Command not implemented: Generic error" is meant seriously and is not due to a mistake by me.
Incomprehensibly, some commands are only available in the interactive mode of the shell.
(https://developers.yubico.com/YubiHSM2/Releases/Known_issues.html)