Skip to content

Latest commit

 

History

History
36 lines (30 loc) · 3.34 KB

README.md

File metadata and controls

36 lines (30 loc) · 3.34 KB

CodeQL .github/workflows/release.yml

YubiKey CSR Generator

This tool generates a Certificate Signing Request (CSR) using a private key from a YubiKey device.

Usage

yk-csr-gen [options]

Options

  • --new-pk, --replace-private-key: Indicates whether to replace the existing private key in the slot. If specified or set to true, a new private key will be generated. (Default: False)
  • --slot, --slot-number <82|83|84|85|86|87|88|89|8A|8B|8C|8D|8E|8F|90|91|92|93|94|95|9A|9C|9D|9E>: The slot number on the YubiKey device to be used for the key generation or retrieval. (Default: 9D)
  • --out, --out-file <out-file>: The file path where the generated CSR will be written. If not provided, CSR will be printed to the console.
  • --out-pub, --out-pub-file <out-pub-file>: If specified, the file path where the public key extracted from the CSR will be written.
  • --text: Print CSR to console irrespective of file output option. (Default: False)
  • --text-pub: Print the public key to the console. (Default: False)
  • --hash <1.3.14.3.2.26|2.16.840.1.101.3.4.2.1|2.16.840.1.101.3.4.2.2|2.16.840.1.101.3.4.2.3|SHA1|sha1|SHA256|sha256|SHA384|sha384|SHA512|sha512>: Specifies the hash algorithm to use for the CSR. Supported hash algorithms are SHA1, SHA256, SHA384, and SHA512. OIDs and friendly names (case-insensitive) of the algorithms can be used. (Default: SHA256)
  • --cn, --common-name <common-name>: The Common Name (CN) attribute to be included in the CSR's Distinguished Name (DN).
  • --c, --country, --region <country>: The Country or Region (C) attribute for the CSR's DN.
  • --dc, --domain-component <domain-component>: The Domain Component (DC) attribute for the CSR's DN.
  • --e, --email <email>: The Email Address (E) attribute for the CSR's DN.
  • --city, --l, --locality <locality>: The Locality (L) attribute for the CSR's DN, typically represents the city or locality.
  • --organizational-unit, --ou <organizational-unit>: The Organizational Unit (OU) attribute for the CSR's DN, typically represents the department within an organization.
  • --o, --organization <organization>: The Organization (O) attribute for the CSR's DN.
  • --province, --st, --state <province>: The State or Province (ST) attribute for the CSR's DN.
  • --s-dns, --san-dns <san-dns>: [Multiple] DNS name to be added to the Subject Alternative Name (SAN) extension.
  • --s-e, --san-email <san-email>: [Multiple] Email address to be added to the SAN extension.
  • --s-ip, --san-ip <san-ip>: [Multiple] IP address to be added to the SAN extension.
  • --s-uri, --san-uri <san-uri>: [Multiple] URI to be added to the SAN extension.
  • --s-upn, --san-user-principal-name <san-user-principal-name>: [Multiple] User Principal Name (UPN) to be added to the SAN extension.
  • --oid <oid>: [EXPERIMENTAL] [Multiple] Specify custom OID values in the form of o.i.d=value.
  • --version: Show version information.
  • -?, -h, --help: Show help and usage information.