YubiHSM2: Working command sequence in yubihsm-shell won't work non-interactively on command line


I got a working sequence of commands within yubihsm-shell, but cannot get the same result when calling the shell non-interactively from the command line.

In the shell I got:

yubihsm> connect
yubihsm> session open 2 MyPassword
yubihsm> set informat base64
yubihsm> set outformat hex
yubihsm> decrypt oaep 0 0x1ddd rsa-oaep-sha1 wrapped_ephemeral.txt

On the command line I currently have this (I unfortunately need to be on Windows for that, so this is cmd syntax):

set YUBISHELL="c:\Program Files\Yubico\YubiHSM Shell\bin\yubihsm-shell.exe"

type wrapped_ephemeral.txt | %YUBISHELL%                                     ^
                               --authkey=2                                   ^
                               --password=MyPassword                         ^
                               --algorithm=rsa-oaep-sha1                     ^
                               --informat=base64                             ^
                               --outformat=hex                               ^
                               --object-id=7645                              ^
                               --action=decrypt-oaep

All I get is

Session keepalive set up to run every 15 seconds
Created session 0
Command not implemented: Generic error

However, connecting and authenticating works ...

%YUBISHELL%                  ^
  --authkey=2                ^
  --password=MyPassword      ^
  --action=get-device-info

... as I get this

Using default connector URL: http://127.0.0.1:12345
Session keepalive set up to run every 15 seconds
Version number:         2.2.0
Serial number:          ........
Log used:               62/62
Supported algorithms:   rsa-pkcs1-sha1, rsa-pkcs1-sha256, rsa-pkcs1-sha384,
                        rsa-pkcs1-sha512, rsa-pss-sha1, rsa-pss-sha256,
                        rsa-pss-sha384, rsa-pss-sha512, rsa2048,
                        rsa3072, rsa4096, ecp256,
                        ecp384, ecp521, eck256,
                        ecbp256, ecbp384, ecbp512,
                        hmac-sha1, hmac-sha256, hmac-sha384,
                        hmac-sha512, ecdsa-sha1, ecdh,
                        rsa-oaep-sha1, rsa-oaep-sha256, rsa-oaep-sha384,
                        rsa-oaep-sha512, aes128-ccm-wrap, opaque-data,
                        opaque-x509-certificate, mgf1-sha1, mgf1-sha256,
                        mgf1-sha384, mgf1-sha512, template-ssh,
                        aes128-yubico-otp, aes128-yubico-authentication, aes192-yubico-otp,
                        aes256-yubico-otp, aes192-ccm-wrap, aes256-ccm-wrap,
                        ecdsa-sha256, ecdsa-sha384, ecdsa-sha512,
                        ed25519, ecp224, rsa-pkcs1-decrypt,

There is 1 answer

Seven

The error message "Command not implemented: Generic error" is meant seriously and is not due to a mistake by me.

Incomprehensibly, some commands are only available in the interactive mode of the shell.

Known Issues and Limitations

Unimplemented Commands When Invoked in Command-Line Mode ...

  • decrypt-oaep ...

(https://developers.yubico.com/YubiHSM2/Releases/Known_issues.html)