yubikey-manager [ykman --info ] ykman info Device type: YubiKey 5C Nano Serial number: 34697893 Firmware version: 5.7.4 Form factor: Nano (USB-C) Enabled USB interfaces: OTP, FIDO, CCID Applications Yubico OTP Enabled FIDO U2F Enabled FIDO2 Enabled OATH Enabled PIV Enabled OpenPGP Enabled YubiHSM Auth Enabled gpg --card-status Reader ...........: 1050:0407:X:0 Application ID ...: D2760001240100000006346978930000 Application type .: OpenPGP Version ..........: 3.4 Manufacturer .....: Yubico Serial number ....: 34697893 Name of cardholder: [not set] Language prefs ...: [not set] Salutation .......: URL of public key : [not set] Login data .......: [not set] Signature PIN ....: not forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 0 3 Signature counter : 0 KDF setting ......: off UIF setting ......: Sign=off Decrypt=off Auth=off Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none] opensc [ pkcs11-toool ] pkcs11-tool --module /nix/store/gd9yxh23rmbr25x15knf3rjycxlscgaq-opensc-0.26.1/lib/opensc-pkcs11.so -M pkcs11-tool --module /nix/store/gd9yxh23rmbr25x15knf3rjycxlscgaq-opensc-0.26.1/lib/opensc-pkcs11.so -M Using slot 0 with a present token (0x0) Supported mechanisms: SHA-1, digest SHA224, digest SHA256, digest SHA384, digest SHA512, digest MD5, digest RIPEMD160, digest GOSTR3411, digest ECDSA, keySize={256,384}, hw, sign, verify, EC OID, EC uncompressed ECDSA-SHA1, keySize={256,384}, sign, verify ECDSA-SHA224, keySize={256,384}, sign, verify ECDSA-SHA256, keySize={256,384}, sign, verify ECDSA-SHA384, keySize={256,384}, sign, verify ECDSA-SHA512, keySize={256,384}, sign, verify ECDH1-COFACTOR-DERIVE, keySize={256,384}, hw, derive, EC OID, EC uncompressed ECDH1-DERIVE, keySize={256,384}, hw, derive, EC OID, EC uncompressed RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify SHA224-RSA-PKCS, keySize={1024,3072}, sign, verify SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify SHA384-RSA-PKCS, keySize={1024,3072}, sign, verify SHA512-RSA-PKCS, keySize={1024,3072}, sign, verify MD5-RSA-PKCS, keySize={1024,3072}, sign, verify RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify RSA-PKCS-PSS, keySize={1024,3072}, hw, sign, verify SHA1-RSA-PKCS-PSS, keySize={1024,3072}, sign, verify SHA224-RSA-PKCS-PSS, keySize={1024,3072}, sign, verify SHA256-RSA-PKCS-PSS, keySize={1024,3072}, sign, verify SHA384-RSA-PKCS-PSS, keySize={1024,3072}, sign, verify SHA512-RSA-PKCS-PSS, keySize={1024,3072}, sign, verify RSA-PKCS-OAEP, keySize={1024,3072}, hw, decrypt ykman piv Usage: ykman piv [OPTIONS] COMMAND [ARGS]... Manage the PIV application. Examples: Generate an ECC P-256 private key and a self-signed certificate in slot 9a: $ ykman piv keys generate --algorithm ECCP256 9a pubkey.pem $ ykman piv certificates generate --subject "CN=yubico" 9a pubkey.pem Change the PIN from 123456 to 654321: $ ykman piv access change-pin --pin 123456 --new-pin 654321 Reset all PIV data and restore default settings: $ ykman piv reset Options: -h, --help show this message and exit Commands: info display general status of the PIV application reset reset all PIV data access manage PIN, PUK, and Management Key certificates manage certificates keys manage private keys objects manage PIV data objects ???ykman piv access change-management-key --generate --protect ykman piv keys generate --algorithm ECCP256 9a kihongmin_pub.pem ykman piv certificates generate --subject "CN=kihongmin" 9a kihongmin_pub.pem