[][src]Struct yubihsm::client::Client

pub struct Client { /* fields omitted */ }

YubiHSM client: main API in this crate for accessing functions of the HSM hardware device.

Methods

impl Client
[src]

Open a connection via a Connector to a YubiHSM, returning a yubihsm::Client. Valid Connector types are: HttpConnector, UsbConnector, and MockHsm.

Create a yubihsm::Client, but defer connecting until connect() is called.

Connect to the HSM (idempotently, i.e. returns success if we have an open connection already)

Are we currently connected to the HSM?

Get the current session ID (if we have an open session).

Get current Session (either opening a new one or returning an already open one).

Ping the HSM, ensuring we have a live connection and returning the end-to-end latency.

Obtain an X.509 attestation certificate for a key within the HSM. This can be used to demonstrate that a given key was generated by and stored within a HSM in a non-exportable manner.

The key_id is the subject key for which an attestation certificate is created, and theattestation_key_id will be used to sign the attestation certificate.

If no attestation key is given, the device's default attestation key will be used, and can be verified against Yubico's certificate.

https://developers.yubico.com/YubiHSM2/Commands/Attest_Asymmetric.html

Blink the HSM's LEDs (to identify it) for the given number of seconds.

https://developers.yubico.com/YubiHSM2/Commands/Blink.html

Delete an object of the given ID and type.

https://developers.yubico.com/YubiHSM2/Commands/Delete_Object.html

Export an encrypted object from the HSM using the given key-wrapping key.

https://developers.yubico.com/YubiHSM2/Commands/Export_Wrapped.html

Generate a new wrap key within the HSM.

Delegated capabilities are the set of Capability bits that an object is allowed to have when imported or exported using the wrap key.

https://developers.yubico.com/YubiHSM2/Commands/Generate_Wrap_Key.html

Get the audit policy setting for a particular command.

https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html

Get the audit policy settings for all commands.

https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html

Get the forced auditing global option: when enabled, the device will refuse operations if the [log store] becomes full.

https://developers.yubico.com/YubiHSM2/Commands/Get_Option.html [log store]: https://developers.yubico.com/YubiHSM2/Concepts/Logs.html

Get some number of bytes of pseudo random data generated on the device.

https://developers.yubico.com/YubiHSM2/Commands/Get_Pseudo_Random.html

Get the public key for an asymmetric key stored on the device.

https://developers.yubico.com/YubiHSM2/Commands/Get_Pubkey.html

Compute an HMAC tag of the given data with the given key ID.

https://developers.yubico.com/YubiHSM2/Commands/Hmac_Data.html

Import an encrypted object from the HSM using the given key-wrapping key.

https://developers.yubico.com/YubiHSM2/Commands/Import_Wrapped.html

List objects visible from the current session.

Optionally apply a set of provided filters which select objects based on their attributes.

https://developers.yubico.com/YubiHSM2/Commands/List_Objects.html

Put an existing asymmetric key into the HSM.

https://developers.yubico.com/YubiHSM2/Commands/Put_Asymmetric.html

Put an opaque object (X.509 certificate or other bytestring) into the HSM.

https://developers.yubico.com/YubiHSM2/Commands/Put_Opaque.html

Configure the audit policy settings for a particular command, e.g. auditing should be On, Off, or Fix (i.e. fixed permanently on).

https://developers.yubico.com/YubiHSM2/Commands/Put_Option.html

Put the forced auditing global option: when enabled, the device will refuse operations if the [log store] becomes full.

Options are On, Off, or Fix (i.e. fixed permanently on)

https://developers.yubico.com/YubiHSM2/Commands/Put_Option.html [log store]: https://developers.yubico.com/YubiHSM2/Concepts/Logs.html

Reset the HSM to a factory default state and reboot, clearing all stored objects and restoring the default auth key.

WARNING: This wipes all keys and other data from the HSM! Make absolutely sure you want to use this!

https://developers.yubico.com/YubiHSM2/Commands/Reset.html

Set the index of the last consumed index of the HSM audit log.

https://developers.yubico.com/YubiHSM2/Commands/Set_Log_Index.html

Compute an ECDSA signature of the given digest (i.e. a precomputed SHA-2 digest)

https://developers.yubico.com/YubiHSM2/Commands/Sign_Data_Ecdsa.html

secp256k1 notes

The YubiHSM2 does not produce signatures in "low S" form, which is expected for most cryptocurrency applications (the typical use case for secp256k1).

If your application demands this (e.g. Bitcoin), you'll need to normalize the signatures. One option for this is the secp256k1 crate's Signature::normalize_s function.

The signatory-yubihsm crate automatically normalizes secp256k1 ECDSA signatures to "low S" form. Consider using that if you'd like a ready-made solution for cryptocurrency applications.

Compute an Ed25519 signature with the given key ID.

https://developers.yubico.com/YubiHSM2/Commands/Sign_Data_Eddsa.html

Compute an RSASSA-PKCS#1v1.5 signature of the SHA-256 hash of the given data.

WARNING: This method has not been tested and is not confirmed to actually work! Use at your own risk!

https://developers.yubico.com/YubiHSM2/Commands/Sign_Data_Pkcs1.html

Compute an RSASSA-PSS signature of the SHA-256 hash of the given data with the given key ID.

WARNING: This method has not been tested and is not confirmed to actually work! Use at your own risk!

https://developers.yubico.com/YubiHSM2/Commands/Sign_Data_Pss.html

Get storage status (i.e. currently free storage) from the HSM device.

https://developers.yubico.com/YubiHSM2/Commands/Storage_Status.html

Decrypt data which was encrypted (using AES-CCM) under a wrap key.

https://developers.yubico.com/YubiHSM2/Commands/Unwrap_Data.html

Verify an HMAC tag of the given data with the given key ID.

https://developers.yubico.com/YubiHSM2/Commands/Verify_Hmac.html

Encrypt data (with AES-CCM) using the given wrap key.

https://developers.yubico.com/YubiHSM2/Commands/Wrap_Data.html

Auto Trait Implementations

impl Send for Client

impl Sync for Client

Blanket Implementations

impl<T, U> Into for T where
    U: From<T>, 
[src]

Performs the conversion.

impl<T> From for T
[src]

Performs the conversion.

impl<T, U> TryFrom for T where
    T: From<U>, 
[src]

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

🔬 This is a nightly-only experimental API. (try_from)

Performs the conversion.

impl<T> Borrow for T where
    T: ?Sized
[src]

Immutably borrows from an owned value. Read more

impl<T> BorrowMut for T where
    T: ?Sized
[src]

Mutably borrows from an owned value. Read more

impl<T, U> TryInto for T where
    U: TryFrom<T>, 
[src]

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

🔬 This is a nightly-only experimental API. (try_from)

Performs the conversion.

impl<T> Any for T where
    T: 'static + ?Sized
[src]

🔬 This is a nightly-only experimental API. (get_type_id)

this method will likely be replaced by an associated static

Gets the TypeId of self. Read more

impl<T> Same for T

Should always be Self