From ac0d98783b3350dd04ea2fd1efb2631d76bdf5cc Mon Sep 17 00:00:00 2001 From: "J.L.M" <57787248+JMarkstrom@users.noreply.github.com> Date: Wed, 11 Feb 2026 14:20:10 +0100 Subject: [PATCH 01/21] Add support for importing and exporting large blobs --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 18f5e5a..7c8115e 100644 --- a/.gitignore +++ b/.gitignore @@ -365,3 +365,4 @@ FodyWeavers.xsd /powershellYK.psd1 /.cursorrules /Docs/Cookbook/Set-BIO-random-PIN.ps1 +/Docs/Cookbook/Enroll-FIDO2-On-Behalf-Of-Mock-IdP.ps1 From b670763ac66b5da59f904b37438f409886de6f0d Mon Sep 17 00:00:00 2001 From: "J.L.M" <57787248+JMarkstrom@users.noreply.github.com> Date: Wed, 11 Feb 2026 14:21:14 +0100 Subject: [PATCH 02/21] Add import and export support for large blobs on the FIDO applet. --- Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs | 294 +++++++++++++++++- .../FIDO2/GetYubikeyFIDO2Credential.cs | 29 +- Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs | 282 +++++++++++++++++ Module/powershellYK.csproj | 2 +- 4 files changed, 598 insertions(+), 9 deletions(-) diff --git a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs index ed87aef..314188b 100644 --- a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs @@ -1,4 +1,4 @@ -/// +/// /// Retrieves information about the FIDO2 applet on a YubiKey. /// Returns details about supported features, capabilities, and current settings. /// Requires a YubiKey with FIDO2 support and administrator privileges on Windows. 
@@ -10,6 +10,14 @@ /// .EXAMPLE /// Get-YubiKeyFIDO2 | Format-List /// Returns detailed FIDO2 information in a list format +/// +/// .EXAMPLE +/// Get-YubiKeyFIDO2 -LargeBlob -OutFile fileName.txt -RelyingPartyID "demo.yubico.com" +/// Exports a large blob to file when there is no more than one credential for the Relying Party on the YubiKey +/// +/// .EXAMPLE +/// Get-YubiKeyFIDO2 -LargeBlob -OutFile fileName.txt -CredentialId "19448fe...67ab9207071e" +/// Exports a large blob to file for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) /// // Imports 
@@ -18,12 +26,64 @@ using Yubico.YubiKey.Fido2; using powershellYK.FIDO2; using powershellYK.support; +using Yubico.YubiKey.Cryptography; +using System.Security.Cryptography; +using Newtonsoft.Json; +using powershellYK.support.validators; namespace powershellYK.Cmdlets.Fido { - [Cmdlet(VerbsCommon.Get, "YubiKeyFIDO2")] + [Cmdlet(VerbsCommon.Get, "YubiKeyFIDO2", DefaultParameterSetName = "GetInfo")] public class GetYubikeyFIDO2Cmdlet : PSCmdlet { + // Parameters for large blob export + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Export large blob for the specified credential" + )] + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Export large blob for the specified relying party" + )] + public SwitchParameter LargeBlob { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Credential ID (hex or base64url string) to export large blob for." + )] + public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Relying Party ID (Origin), or relying party display name if unique, to export large blob for." + )] + [Alias("RP", "Origin")] + [ValidateNotNullOrEmpty] + public string? RelyingPartyID { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Output file path for the exported large blob" + )] + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Output file path for the exported large blob" + )] + [ValidatePath(fileMustExist: false, fileMustNotExist: true)] + public System.IO.FileInfo? 
OutFile { get; set; } + // Initialize processing and verify requirements protected override void BeginProcessing() { @@ -40,6 +100,25 @@ protected override void BeginProcessing() WriteDebug($"Successfully connected"); } + // Connect to FIDO2 if exporting large blob + if (ParameterSetName == "Export LargeBlob" || ParameterSetName == "Export LargeBlob by RelyingPartyID") + { + if (YubiKeyModule._fido2PIN is null) + { + WriteDebug("No FIDO2 session has been authenticated, calling Connect-YubikeyFIDO2..."); + var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2"); + if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction")) + { + myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]); + } + myPowersShellInstance.Invoke(); + if (YubiKeyModule._fido2PIN is null) + { + throw new Exception("Connect-YubikeyFIDO2 failed to connect to the FIDO2 applet!"); + } + } + } + // Check if running as Administrator if (Windows.IsRunningAsAdministrator() == false) { 
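Review bot: In the added large-blob block of BeginProcessing, the nested `PowerShell` instance is never disposed and its error stream is not checked, so a failure inside Connect-YubikeyFIDO2 is only noticed indirectly through `_fido2PIN` still being null. Wrapping it as `using var connectCommand = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2");` and testing `connectCommand.HadErrors` after `Invoke()` would release the instance and surface the real cause. The block also runs before the `Windows.IsRunningAsAdministrator()` check shown as context below it, so the user may be asked for the FIDO2 PIN before the cmdlet finds it cannot proceed; moving the privilege check first avoids collecting a PIN needlessly. `throw new Exception(...)` would be better as `InvalidOperationException`. BeginProcessing continues outside the hunk.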
@@ -52,9 +131,214 @@ protected override void ProcessRecord() { using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!)) { - // Get and output FIDO2 authenticator information - AuthenticatorInfo info = fido2Session.AuthenticatorInfo; - WriteObject(new Information(info)); + if (ParameterSetName == "Export LargeBlob" || ParameterSetName == "Export LargeBlob by RelyingPartyID") + { + fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate; + + // Verify the YubiKey supports large blobs + if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) + { + throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); + } + WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); + + if (OutFile is null) + { + throw new ArgumentException("You must enter a valid output file path.", nameof(OutFile)); + } + + // Resolve target credential and corresponding relying party. + RelyingParty? 
credentialRelyingParty = null; + var relyingParties = fido2Session.EnumerateRelyingParties(); + powershellYK.FIDO2.CredentialID selectedCredentialId; + if (ParameterSetName == "Export LargeBlob by RelyingPartyID") + { + if (string.IsNullOrWhiteSpace(RelyingPartyID)) + { + throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when exporting a large blob by RelyingPartyID."); + } + + var matchingRps = relyingParties.Where(rpMatch => + string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || + (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) + .ToList(); + + if (matchingRps.Count == 0) + { + throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); + } + if (matchingRps.Count > 1) + { + string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); + throw new InvalidOperationException( + $"Multiple relying parties matched '{RelyingPartyID}': {rpCandidates}. " + + "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); + } + + credentialRelyingParty = matchingRps[0]; + try + { + var credentialsForRp = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); + if (credentialsForRp.Count == 0) + { + throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); + } + if (credentialsForRp.Count > 1) + { + string candidateCredentialIds = string.Join(", ", + credentialsForRp.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); + throw new InvalidOperationException( + $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForRp.Count}). 
" + + $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to export."); + } + + selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForRp[0].CredentialId; + } + catch (NotSupportedException) + { + throw new InvalidOperationException( + $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); + } + } + else + { + // Ensure a credential ID was supplied + if (CredentialId is null) + { + throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when exporting a large blob."); + } + + selectedCredentialId = CredentialId.Value; + byte[] credentialIdBytes = selectedCredentialId.ToByte(); + + foreach (RelyingParty currentRp in relyingParties) + { + try + { + var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); + foreach (var credInfo in credentials) + { + if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) + { + credentialRelyingParty = currentRp; + break; + } + } + if (credentialRelyingParty is not null) + { + break; + } + } + catch (NotSupportedException) + { + // Skip relying parties with unsupported algorithms + continue; + } + } + + if (credentialRelyingParty is null) + { + throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); + } + } + WriteDebug($"Step 2: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); + + // Create client data hash for GetAssertion + byte[] challengeBytes = new byte[32]; + RandomNumberGenerator.Fill(challengeBytes); + var clientData = new + { + type = "webauthn.get", + origin = $"https://{credentialRelyingParty.Id}", + challenge = Convert.ToBase64String(challengeBytes) + }; + var clientDataJSON = JsonConvert.SerializeObject(clientData); + var clientDataBytes = 
System.Text.Encoding.UTF8.GetBytes(clientDataJSON); + var digester = CryptographyProviders.Sha256Creator(); + _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); + ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); + WriteDebug($"Step 3: Client data hash created for origin '{clientData.origin}'."); + + // Perform GetAssertion to retrieve the largeBlobKey + var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); + + // Add the credential ID to the allow list (for non-resident keys) + gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); + + // Request the largeBlobKey extension + gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); + + // Execute assertion ceremony + Console.WriteLine("Touch the YubiKey..."); + var assertions = fido2Session.GetAssertions(gaParams); + if (assertions.Count == 0) + { + throw new InvalidOperationException("GetAssertion returned no assertions."); + } + + // Retrieve the per-credential largeBlobKey + var retrievedKey = assertions[0].LargeBlobKey; + if (retrievedKey is null) + { + throw new NotSupportedException("The credential does not support large blob keys. The credential may need to be recreated with the largeBlobKey extension."); + } + WriteDebug($"Step 4: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); + + // Get the current serialized Large Blob array from the authenticator + var blobArray = fido2Session.GetSerializedLargeBlobArray(); + WriteDebug($"Step 5: Current large blob array loaded ({blobArray.Entries.Count} entries)."); + + byte[]? blobData = null; + int matchingEntryCount = 0; + int selectedEntryIndex = -1; + + // Iterate entries and decrypt with this credential's largeBlobKey. + // If multiple entries match, pick the newest (highest index). 
+ for (int i = 0; i < blobArray.Entries.Count; i++) + { + if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out Memory decrypted)) + { + matchingEntryCount++; + blobData = decrypted.ToArray(); + selectedEntryIndex = i; + } + } + + if (matchingEntryCount == 0 || blobData is null) + { + throw new InvalidOperationException($"No large blob entry found for credential '{selectedCredentialId}'."); + } + if (matchingEntryCount > 1) + { + WriteWarning( + $"Found {matchingEntryCount} large blob entries for credential '{selectedCredentialId}'. " + + $"Using newest entry at index {selectedEntryIndex}. " + + "Use Set-YubiKeyFIDO2 -LargeBlob and choose overwrite to compact to a single entry."); + } + WriteDebug($"Step 6: Blob entry selected from index {selectedEntryIndex} ({blobData.Length} bytes)."); + + WriteDebug($"Step 7: Writing blob data to '{OutFile.FullName}'."); + // Write the blob data to the output file + string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName); + try + { + System.IO.File.WriteAllBytes(resolvedPath, blobData); + } + catch (Exception ex) + { + throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); + } + + WriteInformation( + $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", + new[] { "FIDO2", "LargeBlob" }); + } + else + { + // Get and output FIDO2 authenticator information + AuthenticatorInfo info = fido2Session.AuthenticatorInfo; + WriteObject(new Information(info)); + } } } } diff --git a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2Credential.cs b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2Credential.cs index e5c8d1c..25e8f75 100644 --- a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2Credential.cs +++ b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2Credential.cs 
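Review bot: The export step at the end of this hunk writes the decrypted blob with `System.IO.File.WriteAllBytes(resolvedPath, blobData)`, which silently replaces whatever exists at that path. The only protection is the bind-time `[ValidatePath(... fileMustNotExist: true)]` check, and the touch ceremony runs between that check and the write. Opening the file with `FileMode.CreateNew` makes the write itself refuse to overwrite a file that appeared in the meantime. The plaintext in `blobData` is also left in managed memory after the write, and the output file gets default permissions, which the cmdlet help should mention since the blob was encrypted on the key. The path is built from `OutFile.FullName`, which has presumably already been resolved against the process working directory rather than the PowerShell location, so a relative `-OutFile` may land somewhere unexpected; worth confirming against how `ValidatePath` binds the value.
```csharp
string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName);
try
{
    // CreateNew fails if the path appeared after parameter validation, so nothing is overwritten.
    using (var outStream = new FileStream(resolvedPath, FileMode.CreateNew, FileAccess.Write, FileShare.None))
    {
        outStream.Write(blobData, 0, blobData.Length);
    }
}
catch (Exception ex)
{
    throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex);
}
finally
{
    // The decrypted blob is no longer needed once it is on disk.
    CryptographicOperations.ZeroMemory(blobData);
}
// … unchanged: WriteInformation success message …
```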
@@ -1,4 +1,4 @@ -/// +/// /// Retrieves FIDO2 credentials stored on a YubiKey. /// Lists all credentials or retrieves a specific credential by ID. /// Requires a YubiKey with FIDO2 support and administrator privileges on Windows. @@ -14,6 +14,10 @@ /// .EXAMPLE /// Get-YubiKeyFIDO2Credential -CredentialIdBase64Url "base64url_encoded_id" /// Retrieves a specific FIDO2 credential using its Base64URL encoded ID +/// +/// .EXAMPLE +/// Get-YubiKeyFIDO2Credential -RelyingPartyID "demo.yubico.com" +/// Lists credentials for a specific Relying Party ID (or Origin) /// // Imports @@ -39,6 +43,11 @@ public class GetYubikeyFIDO2CredentialsCommand : PSCmdlet [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Credential ID to remove int Base64 URL encoded format", ParameterSetName = "List-CredentialID-Base64URL")] public string? CredentialIdBase64Url { get; set; } = string.Empty; + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Filter credentials by relying party ID", ParameterSetName = "List-RelyingPartyID")] + [Alias("RP", "Origin")] + [ValidateNotNullOrEmpty] + public string? RelyingPartyID { get; set; } + // Initialize processing and verify requirements protected override void BeginProcessing() { @@ -69,7 +78,9 @@ protected override void BeginProcessing() protected override void ProcessRecord() { // Convert Base64URL credential ID if provided - if (!this.CredentialID.HasValue && CredentialIdBase64Url is not null) + if (ParameterSetName == "List-CredentialID-Base64URL" && + !this.CredentialID.HasValue && + !string.IsNullOrWhiteSpace(CredentialIdBase64Url)) { this.CredentialID = powershellYK.FIDO2.CredentialID.FromStringBase64URL(CredentialIdBase64Url); } 
@@ -81,6 +92,12 @@ protected override void ProcessRecord() // Enumerate all relying parties var relyingParties = fido2Session.EnumerateRelyingParties(); + if (ParameterSetName == "List-RelyingPartyID") + { + relyingParties = relyingParties + .Where(rp => string.Equals(rp.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase)) + .ToList(); + } if (!relyingParties.Any()) // Check if there are no relying parties { @@ -105,7 +122,13 @@ protected override void ProcessRecord() foreach (CredentialUserInfo user in relayCredentials) { - if (ParameterSetName == "List-All" || (user.CredentialId.Id.ToArray().SequenceEqual(this.CredentialID!.Value.ToByte()))) + bool includeCredential = + ParameterSetName == "List-All" || + ParameterSetName == "List-RelyingPartyID" || + (this.CredentialID.HasValue && + user.CredentialId.Id.ToArray().SequenceEqual(this.CredentialID.Value.ToByte())); + + if (includeCredential) { Credential credential = new Credential(relyingParty: relyingParty, credentialUserInfo: user); WriteObject(credential); diff --git a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs index 146a490..b40f329 100644 --- a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs 
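Review bot: When the new `List-RelyingPartyID` filter matches nothing, execution falls into the existing `if (!relyingParties.Any())` branch, whose message is outside this hunk and was presumably written for a key with no relying parties at all. A mistyped RP ID would then look like an empty key. Consider a dedicated check right after the filter, e.g. `if (ParameterSetName == "List-RelyingPartyID" && !relyingParties.Any()) { WriteWarning($"No relying party with ID '{RelyingPartyID}' found on this YubiKey."); return; }`. Note also that this cmdlet matches `rp.Id` only, while the large-blob paths in GetYubikeyFIDO2.cs and SetYubikeyFIDO2.cs in the same patch also accept the display name; a one-line comment stating that the difference is intentional would help the next reader.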
@@ -19,6 +19,19 @@ /// .EXAMPLE /// Set-YubiKeyFIDO2 -MinimumPINRelyingParty "example.com" /// Sends minimum PIN length to specified relying party +/// +/// .EXAMPLE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -RelyingPartyID "demo.yubico.com" +/// Imports a file as a large blob when there is no more than one credential for the Relying Party on the YubiKey +/// +/// .EXAMPLE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" +/// Imports a file as a large blob for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) +/// +/// .EXAMPLE +/// cd C:\CODE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" -Force +/// Imports a file as a large blob and overwrites any existing blob entry for that credential without prompting /// using System.Management.Automation; // Windows PowerShell namespace. @@ -31,6 +44,9 @@ using System.Collections.ObjectModel; using Yubico.YubiKey.Piv; using Microsoft.VisualBasic; +using Yubico.YubiKey.Cryptography; +using System.Security.Cryptography; +using Newtonsoft.Json; namespace powershellYK.Cmdlets.Fido { 
@@ -52,6 +68,54 @@ public class SetYubikeyFIDO2Cmdlet : PSCmdlet, IDynamicParameters [Parameter(Mandatory = true, ParameterSetName = "Send MinimumPIN to RelyingParty", ValueFromPipeline = false, HelpMessage = "To which RelyingParty should minimum PIN be sent")] public string? MinimumPINRelyingParty { get; set; } + // Parameters for large blob import + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "File to import as large blob" + )] + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "File to import as large blob" + )] + [ValidatePath(fileMustExist: true, fileMustNotExist: false)] + public System.IO.FileInfo? LargeBlob { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Credential ID (hex or base64url string) to associate with the large blob array." + )] + public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Relying party ID, or relying party display name if unique, to associate with the large blob." + )] + [Alias("RP", "Origin")] + [ValidateNotNullOrEmpty] + public string? RelyingPartyID { get; set; } + + [Parameter( + Mandatory = false, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Overwrite existing large blob entry for this credential without prompting." + )] + [Parameter( + Mandatory = false, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Overwrite existing large blob entry for this credential without prompting." + )] + public SwitchParameter Force { get; set; } + // Get dynamic parameters based on YubiKey state public object GetDynamicParameters() { 
@@ -249,6 +313,224 @@ protected override void ProcessRecord() throw new Exception("Failed to set RelyingParty that will be sent Minimum PIN length."); } break; + + case "Set LargeBlob": + case "Set LargeBlob by RelyingPartyID": + // Verify the YubiKey supports large blobs + if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) + { + throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); + } + WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); + + if (LargeBlob is null) + { + throw new ArgumentException("You must enter a valid file path.", nameof(LargeBlob)); + } + + // Resolve and read the input file + string resolvedPath = GetUnresolvedProviderPathFromPSPath(LargeBlob.FullName); + byte[] blobData; + try + { + blobData = System.IO.File.ReadAllBytes(resolvedPath); + WriteDebug($"Step 2: Input file loaded from '{LargeBlob.FullName}' ({blobData.Length} bytes)."); + } + catch (Exception ex) + { + throw new IOException($"Failed to read large blob data from file '{LargeBlob}'.", ex); + } + + // Resolve target credential and corresponding relying party. + RelyingParty? 
credentialRelyingParty = null; + var relyingParties = fido2Session.EnumerateRelyingParties(); + powershellYK.FIDO2.CredentialID selectedCredentialId; + if (ParameterSetName == "Set LargeBlob by RelyingPartyID") + { + if (string.IsNullOrWhiteSpace(RelyingPartyID)) + { + throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when setting a large blob by RelyingPartyID."); + } + + var matchingRps = relyingParties.Where(rpMatch => + string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || + (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) + .ToList(); + + if (matchingRps.Count == 0) + { + throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); + } + if (matchingRps.Count > 1) + { + string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); + throw new InvalidOperationException( + $"Multiple relying parties matched '{RelyingPartyID}': {rpCandidates}. " + + "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); + } + + credentialRelyingParty = matchingRps[0]; + try + { + var credentialsForOrigin = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); + if (credentialsForOrigin.Count == 0) + { + throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); + } + if (credentialsForOrigin.Count > 1) + { + string candidateCredentialIds = string.Join(", ", + credentialsForOrigin.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); + throw new InvalidOperationException( + $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForOrigin.Count}). 
" + + $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to use."); + } + + selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForOrigin[0].CredentialId; + } + catch (NotSupportedException) + { + throw new InvalidOperationException( + $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); + } + } + else + { + // Ensure a credential ID was supplied + if (CredentialId is null) + { + throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when setting a large blob."); + } + + selectedCredentialId = CredentialId.Value; + byte[] credentialIdBytes = selectedCredentialId.ToByte(); + + foreach (RelyingParty currentRp in relyingParties) + { + try + { + var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); + foreach (var credInfo in credentials) + { + if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) + { + credentialRelyingParty = currentRp; + break; + } + } + if (credentialRelyingParty is not null) + { + break; + } + } + catch (NotSupportedException) + { + // Skip relying parties with unsupported algorithms + continue; + } + } + + if (credentialRelyingParty is null) + { + throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); + } + } + WriteDebug($"Step 3: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); + + // Create client data hash for GetAssertion + byte[] challengeBytes = new byte[32]; + RandomNumberGenerator.Fill(challengeBytes); + var clientData = new + { + type = "webauthn.get", + origin = $"https://{credentialRelyingParty.Id}", + challenge = Convert.ToBase64String(challengeBytes) + }; + var clientDataJSON = JsonConvert.SerializeObject(clientData); + var clientDataBytes = 
System.Text.Encoding.UTF8.GetBytes(clientDataJSON); + var digester = CryptographyProviders.Sha256Creator(); + _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); + ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); + WriteDebug($"Step 4: Client data hash created for origin '{clientData.origin}'."); + + // Perform GetAssertion to retrieve the largeBlobKey + var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); + + // Add the credential ID to the allow list (for non-resident keys) + gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); + + // Request the largeBlobKey extension + gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); + + // Execute assertion ceremony + Console.WriteLine("Touch the YubiKey..."); + var assertions = fido2Session.GetAssertions(gaParams); + if (assertions.Count == 0) + { + throw new InvalidOperationException("GetAssertion returned no assertions."); + } + + // Retrieve the per-credential largeBlobKey + var retrievedKey = assertions[0].LargeBlobKey; + if (retrievedKey is null) + { + throw new NotSupportedException("The credential does not support large blob keys. The credential may need to be recreated with the largeBlobKey extension."); + } + WriteDebug($"Step 5: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); + + // Get the current serialized Large Blob array from the authenticator + var blobArray = fido2Session.GetSerializedLargeBlobArray(); + WriteDebug($"Step 6: Current large blob array loaded ({blobArray.Entries.Count} entries)."); + + // Enforce one entry per credential key by detecting existing decryptable entries. 
+ var matchingEntryIndexes = new List(); + for (int i = 0; i < blobArray.Entries.Count; i++) + { + if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out _)) + { + matchingEntryIndexes.Add(i); + } + } + + if (matchingEntryIndexes.Count > 0) + { + string existingMsg = + $"Found {matchingEntryIndexes.Count} existing large blob entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")} " + + $"for relying party '{credentialRelyingParty.Id}'."; + WriteWarning(existingMsg); + + bool overwriteExisting = Force.IsPresent; + if (!overwriteExisting) + { + overwriteExisting = ShouldContinue( + $"{existingMsg} Overwrite existing entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")}?", + "Large blob entry already exists"); + } + + if (!overwriteExisting) + { + WriteWarning("Operation cancelled by user. Existing large blob entries were left unchanged."); + return; + } + + for (int i = matchingEntryIndexes.Count - 1; i >= 0; i--) + { + blobArray.RemoveEntry(matchingEntryIndexes[i]); + } + } + + WriteDebug($"Step 7: Adding blob entry ({blobData.Length} bytes)."); + // Add a new encrypted entry, binding the data to the retrieved largeBlobKey + blobArray.AddEntry(blobData, retrievedKey.Value); + + WriteDebug("Step 8: Writing updated large blob array to YubiKey..."); + // Write the updated Large Blob array back to the authenticator + fido2Session.SetSerializedLargeBlobArray(blobArray); + + WriteInformation( + $"FIDO2 large blob entry added successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", + new[] { "FIDO2", "LargeBlob" }); + break; } } } diff --git a/Module/powershellYK.csproj b/Module/powershellYK.csproj index 833e20b..c41e162 100644 --- a/Module/powershellYK.csproj +++ b/Module/powershellYK.csproj @@ -49,7 +49,7 @@ - + From d6528e239a93a54388c914140843cd837f075b0b Mon Sep 17 00:00:00 2001 
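Review bot: In the `Set LargeBlob by RelyingPartyID` branch, the target is chosen by comparing `RelyingPartyID` against either `rpMatch.Id` or `rpMatch.Name`, and the display name is whatever the relying party supplied at registration, so it is not a trustworthy identifier. If the intended RP ID is not on the key but another credential's display name equals the typed value, the file is encrypted to that other credential's largeBlobKey and written without the user seeing which RP was selected (the resolved RP is only shown via `WriteDebug`). I would match on Id first, `relyingParties.Where(rp => string.Equals(rp.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase)).ToList()`, fall back to the name only when that list is empty, and in that case emit a `WriteWarning` naming the resolved `credentialRelyingParty.Id` before the assertion. The same matching expression appears in the export hunk of GetYubikeyFIDO2.cs in this patch. The enclosing ProcessRecord and its switch start outside this hunk.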
From: Oscar Virot Date: Thu, 19 Mar 2026 20:18:08 +0100 Subject: [PATCH 03/21] Fix lint issues --- .../BIO/RenameYubiKeyBIOFingerprint.cs | 2 +- Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs | 4 +- Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs | 4 +- Module/Cmdlets/PIV/GetYubikeyPIV.cs | 16 ++--- Module/Cmdlets/PIV/NewYubikeyPIVKey.cs | 18 ++--- Module/support/PowershellYKText.cs | 66 ++++++++++++------- 6 files changed, 63 insertions(+), 47 deletions(-) diff --git a/Module/Cmdlets/BIO/RenameYubiKeyBIOFingerprint.cs b/Module/Cmdlets/BIO/RenameYubiKeyBIOFingerprint.cs index 8d843a4..62185e6 100644 --- a/Module/Cmdlets/BIO/RenameYubiKeyBIOFingerprint.cs +++ b/Module/Cmdlets/BIO/RenameYubiKeyBIOFingerprint.cs @@ -73,7 +73,7 @@ protected override void ProcessRecord() default: throw new Exception("Invalid ParameterSetName"); - }; + } if (fingerprint is not null) { diff --git a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs index 314188b..a04922d 100644 --- a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs @@ -261,10 +261,10 @@ protected override void ProcessRecord() // Perform GetAssertion to retrieve the largeBlobKey var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); - + // Add the credential ID to the allow list (for non-resident keys) gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); - + // Request the largeBlobKey extension gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); diff --git a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs index b40f329..ab4da46 100644 --- a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs 
@@ -455,10 +455,10 @@ protected override void ProcessRecord() // Perform GetAssertion to retrieve the largeBlobKey var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); - + // Add the credential ID to the allow list (for non-resident keys) gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); - + // Request the largeBlobKey extension gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); diff --git a/Module/Cmdlets/PIV/GetYubikeyPIV.cs b/Module/Cmdlets/PIV/GetYubikeyPIV.cs index 82c64b8..75ad471 100644 --- a/Module/Cmdlets/PIV/GetYubikeyPIV.cs +++ b/Module/Cmdlets/PIV/GetYubikeyPIV.cs 
@@ -111,14 +111,14 @@ protected override void ProcessRecord() // Get supported algorithms List supportedAlgorithms = new List(); - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa1024)) { supportedAlgorithms.Add("Rsa1024"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa2048)) { supportedAlgorithms.Add("Rsa2048"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa3072)) { supportedAlgorithms.Add("Rsa3072"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa4096)) { supportedAlgorithms.Add("Rsa4096"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP256)) { supportedAlgorithms.Add("EcP256"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP384)) { supportedAlgorithms.Add("EcP384"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { supportedAlgorithms.Add("Ed25519"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { supportedAlgorithms.Add("X25519"); }; + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa1024)) { supportedAlgorithms.Add("Rsa1024"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa2048)) { supportedAlgorithms.Add("Rsa2048"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa3072)) { supportedAlgorithms.Add("Rsa3072"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa4096)) { supportedAlgorithms.Add("Rsa4096"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP256)) { supportedAlgorithms.Add("EcP256"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP384)) { supportedAlgorithms.Add("EcP384"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { 
supportedAlgorithms.Add("Ed25519"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { supportedAlgorithms.Add("X25519"); } // Get CHUID information CardholderUniqueId chuid; diff --git a/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs b/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs index 778afae..5019eda 100644 --- a/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs +++ b/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs 
@@ -56,16 +56,16 @@ public object GetDynamicParameters() if (YubiKeyModule._yubikey is not null) { // Check for supported RSA algorithms - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa1024)) { availableAlgorithms.Add("Rsa1024"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa2048)) { availableAlgorithms.Add("Rsa2048"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa3072)) { availableAlgorithms.Add("Rsa3072"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa4096)) { availableAlgorithms.Add("Rsa4096"); }; - + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa1024)) { availableAlgorithms.Add("Rsa1024"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa2048)) { availableAlgorithms.Add("Rsa2048"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa3072)) { availableAlgorithms.Add("Rsa3072"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa4096)) { availableAlgorithms.Add("Rsa4096"); } + // Check for supported ECC algorithms - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP256)) { availableAlgorithms.Add("EcP256"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP384)) { availableAlgorithms.Add("EcP384"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { availableAlgorithms.Add("Ed25519"); }; - if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { availableAlgorithms.Add("X25519"); }; + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP256)) { availableAlgorithms.Add("EcP256"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP384)) { availableAlgorithms.Add("EcP384"); } + if 
(((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { availableAlgorithms.Add("Ed25519"); } + if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivCurve25519)) { availableAlgorithms.Add("X25519"); } } else { diff --git a/Module/support/PowershellYKText.cs b/Module/support/PowershellYKText.cs index 15e74b2..9b8b516 100644 --- a/Module/support/PowershellYKText.cs +++ b/Module/support/PowershellYKText.cs 
@@ -42,22 +42,22 @@ public static string FriendlyName(YubiKeyDevice yubiKeyDevice) // Use the information to generate a friendly name - if (family == 2 || family == 3) { return "YubiKey Standard"; }; + if (family == 2 || family == 3) { return "YubiKey Standard"; } if (family == 4) { if (isFips) { - if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey FIPS (4 Series)"; }; - if (formFactor == FormFactor.UsbANano) { return "YubiKey Nano FIPS (4 Series)"; }; - if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey C FIPS (4 Series)"; }; - if (formFactor == FormFactor.UsbCNano) { return "YubiKey C Nano FIPS (4 Series)"; }; + if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey FIPS (4 Series)"; } + if (formFactor == FormFactor.UsbANano) { return "YubiKey Nano FIPS (4 Series)"; } + if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey C FIPS (4 Series)"; } + if (formFactor == FormFactor.UsbCNano) { return "YubiKey C Nano FIPS (4 Series)"; } } else { - if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey (4 Series)"; }; - if (formFactor == FormFactor.UsbANano) { return "YubiKey Nano (4 Series)"; }; - if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey C (4 Series)"; }; - if (formFactor == FormFactor.UsbCNano) { return "YubiKey C Nano (4 Series)"; }; + if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey (4 Series)"; } + if (formFactor == FormFactor.UsbANano) { return "YubiKey Nano (4 Series)"; } + if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey C (4 Series)"; } + if (formFactor == FormFactor.UsbCNano) { return "YubiKey C Nano (4 Series)"; } } } 
@@ -81,35 +81,51 @@ public static string FriendlyName(YubiKeyDevice yubiKeyDevice) { if (isPIV) // Multi-Protocol Edition (AKA "MPE") { - if (formFactor == FormFactor.UsbABiometricKeychain) { return "YubiKey Bio - Multi-Protocol Edition"; }; - if (formFactor == FormFactor.UsbCBiometricKeychain) { return "YubiKey C Bio - Multi-Protocol Edition"; }; + if (formFactor == FormFactor.UsbABiometricKeychain) { return "YubiKey Bio - Multi-Protocol Edition"; } + ; + if (formFactor == FormFactor.UsbCBiometricKeychain) { return "YubiKey C Bio - Multi-Protocol Edition"; } + ; } else // FIDO Edition { - if (formFactor == FormFactor.UsbABiometricKeychain) { return "YubiKey Bio - FIDO Edition"; }; - if (formFactor == FormFactor.UsbCBiometricKeychain) { return "YubiKey C Bio - FIDO Edition"; }; + if (formFactor == FormFactor.UsbABiometricKeychain) { return "YubiKey Bio - FIDO Edition"; } + ; + if (formFactor == FormFactor.UsbCBiometricKeychain) { return "YubiKey C Bio - FIDO Edition"; } + ; } } else if (isFips) // YubiKey 5 Series (FIPS) { - if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5 NFC FIPS"; }; - if (formFactor == FormFactor.UsbANano) { return "YubiKey 5 Nano FIPS"; }; - if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey 5C FIPS"; }; - if (formFactor == FormFactor.UsbCNano) { return "YubiKey 5C Nano FIPS"; }; - if (formFactor == FormFactor.UsbCLightning) { return "YubiKey 5Ci FIPS"; }; + if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5 NFC FIPS"; } + ; + if (formFactor == FormFactor.UsbANano) { return "YubiKey 5 Nano FIPS"; } + ; + if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey 5C FIPS"; } + ; + if (formFactor == FormFactor.UsbCNano) { return "YubiKey 5C Nano FIPS"; } + ; + if (formFactor == FormFactor.UsbCLightning) { return "YubiKey 5Ci FIPS"; } + ; } else if (isNFC) // YubiKey 5 Series (standard) { - if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5 NFC"; }; - if (formFactor == FormFactor.UsbCKeychain) { 
return "YubiKey 5C NFC"; }; + if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5 NFC"; } + ; + if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey 5C NFC"; } + ; } else { - if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5"; }; - if (formFactor == FormFactor.UsbANano) { return "YubiKey 5 Nano"; }; - if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey 5C"; }; - if (formFactor == FormFactor.UsbCNano) { return "YubiKey 5C Nano"; }; - if (formFactor == FormFactor.UsbCLightning) { return "YubiKey 5Ci"; }; + if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5"; } + ; + if (formFactor == FormFactor.UsbANano) { return "YubiKey 5 Nano"; } + ; + if (formFactor == FormFactor.UsbCKeychain) { return "YubiKey 5C"; } + ; + if (formFactor == FormFactor.UsbCNano) { return "YubiKey 5C Nano"; } + ; + if (formFactor == FormFactor.UsbCLightning) { return "YubiKey 5Ci"; } + ; } } } From 45b224205d556f676fc556c55c729e63f629305a Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Thu, 19 Mar 2026 23:53:16 +0100 Subject: [PATCH 04/21] Add Export-EybiKeyFIDO2Blob --- .../Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs | 317 ++++++++++++++++++ Module/powershellYK.psd1 | 1 + 2 files changed, 318 insertions(+) create mode 100644 Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs diff --git a/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs new file mode 100644 index 0000000..04f749f --- /dev/null +++ b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs 
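Review bot: In the second FriendlyName hunk (the YubiKey Bio and 5 Series branches) the redundant semicolons are not removed as they are in the first hunk; each `};` became `}` followed by a `;` on its own line, which leaves an empty statement after every `if`. Each of these should read like the 4 Series lines, e.g. `if (formFactor == FormFactor.UsbAKeychain) { return "YubiKey 5 NFC"; }`, with the following `;` line deleted. FriendlyName starts and ends outside the hunk.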
@@ -0,0 +1,317 @@ +/// +/// Allows the return of a large blob associated with a FIDO2 credential, which may contain additional metadata or state information for that credential. +/// Requires a YubiKey with FIDO2 support and administrator privileges on Windows´. +/// +/// .EXAMPLE +/// Export-YubiKeyFIDO2Blob -OutFile fileName.txt -RelyingPartyID "demo.yubico.com" +/// Exports a large blob to file when there is no more than one credential for the Relying Party on the YubiKey +/// +/// .EXAMPLE +/// Export-YubiKeyFIDO2Blob -OutFile fileName.txt -CredentialId "19448fe...67ab9207071e" +/// Exports a large blob to file for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) +/// + +// Imports +using System.Management.Automation; // Windows PowerShell namespace. +using Yubico.YubiKey; +using Yubico.YubiKey.Fido2; +using powershellYK.FIDO2; +using powershellYK.support; +using Yubico.YubiKey.Cryptography; +using System.Security.Cryptography; +using Newtonsoft.Json; +using powershellYK.support.validators; + +namespace powershellYK.Cmdlets.Fido +{ + [Cmdlet(VerbsData.Export, "YubiKeyFIDO2Blob")] + public class ExportYubikeyFIDO2BlobCmdlet : PSCmdlet + { + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Credential ID (hex or base64url string) to export large blob for." + )] + public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Export LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Relying Party ID (Origin), or relying party display name if unique, to export large blob for." + )] + [Alias("RP", "Origin")] + [ValidateNotNullOrEmpty] + public string? 
RelyingPartyID { get; set; } + + [Parameter( + Mandatory = false, + ParameterSetName = "Export LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Output file path for the exported large blob" + )] + [Parameter( + Mandatory = false, + ParameterSetName = "Export LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Output file path for the exported large blob" + )] + [ValidatePath(fileMustExist: false, fileMustNotExist: true)] + public required System.IO.FileInfo OutFile { get; set; } + + // Initialize processing and verify requirements + protected override void BeginProcessing() + { + // Check if running as Administrator + if (Windows.IsRunningAsAdministrator() == false) + { + throw new Exception("FIDO access on Windows requires running as Administrator."); + } + + // Connect to YubiKey if not already connected + if (YubiKeyModule._yubikey is null) + { + WriteDebug("No YubiKey selected, calling Connect-Yubikey..."); + var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-Yubikey"); + if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction")) + { + myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]); + } + myPowersShellInstance.Invoke(); + WriteDebug($"Successfully connected"); + } + + // Connect to FIDO2 if exporting large blob + if (ParameterSetName == "Export LargeBlob" || ParameterSetName == "Export LargeBlob by RelyingPartyID") + { + if (YubiKeyModule._fido2PIN is null) + { + WriteDebug("No FIDO2 session has been authenticated, calling Connect-YubikeyFIDO2..."); + var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2"); + if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction")) + { + myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]); + } + 
myPowersShellInstance.Invoke(); + if (YubiKeyModule._fido2PIN is null) + { + throw new Exception("Connect-YubikeyFIDO2 failed to connect to the FIDO2 applet!"); + } + } + } + } + + // Process the main cmdlet logic + protected override void ProcessRecord() + { + using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!)) + { + fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate; + + // Verify the YubiKey supports large blobs + if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) + { + throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); + } + WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); + + // Resolve target credential and corresponding relying party. + RelyingParty? credentialRelyingParty = null; + var relyingParties = fido2Session.EnumerateRelyingParties(); + powershellYK.FIDO2.CredentialID selectedCredentialId; + if (ParameterSetName == "Export LargeBlob by RelyingPartyID") + { + if (string.IsNullOrWhiteSpace(RelyingPartyID)) + { + throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when exporting a large blob by RelyingPartyID."); + } + + var matchingRps = relyingParties.Where(rpMatch => + string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || + (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) + .ToList(); + + if (matchingRps.Count == 0) + { + throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); + } + if (matchingRps.Count > 1) + { + string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); + throw new InvalidOperationException( + $"Multiple relying parties matched '{RelyingPartyID}': {rpCandidates}. 
" + + "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); + } + + credentialRelyingParty = matchingRps[0]; + try + { + var credentialsForRp = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); + if (credentialsForRp.Count == 0) + { + throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); + } + if (credentialsForRp.Count > 1) + { + string candidateCredentialIds = string.Join(", ", + credentialsForRp.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); + throw new InvalidOperationException( + $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForRp.Count}). " + + $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to export."); + } + + selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForRp[0].CredentialId; + } + catch (NotSupportedException) + { + throw new InvalidOperationException( + $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); + } + } + else + { + // Ensure a credential ID was supplied + if (CredentialId is null) + { + throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when exporting a large blob."); + } + + selectedCredentialId = CredentialId.Value; + byte[] credentialIdBytes = selectedCredentialId.ToByte(); + + foreach (RelyingParty currentRp in relyingParties) + { + try + { + var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); + foreach (var credInfo in credentials) + { + if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) + { + credentialRelyingParty = currentRp; + break; + } + } + if (credentialRelyingParty is not null) + { + break; + } + } + catch (NotSupportedException) + { + // Skip relying parties with unsupported 
algorithms + continue; + } + } + + if (credentialRelyingParty is null) + { + throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); + } + } + WriteDebug($"Step 2: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); + + // Create client data hash for GetAssertion + byte[] challengeBytes = new byte[32]; + RandomNumberGenerator.Fill(challengeBytes); + var clientData = new + { + type = "webauthn.get", + origin = $"https://{credentialRelyingParty.Id}", + challenge = Convert.ToBase64String(challengeBytes) + }; + var clientDataJSON = JsonConvert.SerializeObject(clientData); + var clientDataBytes = System.Text.Encoding.UTF8.GetBytes(clientDataJSON); + var digester = CryptographyProviders.Sha256Creator(); + _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); + ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); + WriteDebug($"Step 3: Client data hash created for origin '{clientData.origin}'."); + + // Perform GetAssertion to retrieve the largeBlobKey + var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); + + // Add the credential ID to the allow list (for non-resident keys) + gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); + + // Request the largeBlobKey extension + gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); + + // Execute assertion ceremony + Console.WriteLine("Touch the YubiKey..."); + var assertions = fido2Session.GetAssertions(gaParams); + if (assertions.Count == 0) + { + throw new InvalidOperationException("GetAssertion returned no assertions."); + } + + // Retrieve the per-credential largeBlobKey + var retrievedKey = assertions[0].LargeBlobKey; + if (retrievedKey is null) + { + throw new NotSupportedException("The credential does not support large blob keys. 
The credential may need to be recreated with the largeBlobKey extension."); + } + WriteDebug($"Step 4: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); + + // Get the current serialized Large Blob array from the authenticator + var blobArray = fido2Session.GetSerializedLargeBlobArray(); + WriteDebug($"Step 5: Current large blob array loaded ({blobArray.Entries.Count} entries)."); + + byte[]? blobData = null; + int matchingEntryCount = 0; + int selectedEntryIndex = -1; + + // Iterate entries and decrypt with this credential's largeBlobKey. + // If multiple entries match, pick the newest (highest index). + for (int i = 0; i < blobArray.Entries.Count; i++) + { + if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out Memory decrypted)) + { + matchingEntryCount++; + blobData = decrypted.ToArray(); + selectedEntryIndex = i; + } + } + + if (matchingEntryCount == 0 || blobData is null) + { + throw new InvalidOperationException($"No large blob entry found for credential '{selectedCredentialId}'."); + } + if (matchingEntryCount > 1) + { + WriteWarning( + $"Found {matchingEntryCount} large blob entries for credential '{selectedCredentialId}'. " + + $"Using newest entry at index {selectedEntryIndex}. 
" + + "Use Set-YubiKeyFIDO2 -LargeBlob and choose overwrite to compact to a single entry."); + } + WriteDebug($"Step 6: Blob entry selected from index {selectedEntryIndex} ({blobData.Length} bytes)."); + + if (this.MyInvocation.BoundParameters.ContainsKey("OutFile")) + { + WriteDebug($"Step 7: Writing blob data to '{OutFile.FullName}'."); + // Write the blob data to the output file + string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName); + try + { + System.IO.File.WriteAllBytes(resolvedPath, blobData); + } + catch (Exception ex) + { + throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); + } + } + else + { + WriteDebug($"Step 7: Writing blob data to output."); + // Write the blob data to the output + WriteObject(blobData); + } + + WriteInformation( + $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", + new[] { "FIDO2", "LargeBlob" }); + } + } + } +} + diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1 index 9f9303c..f468d79 100644 --- a/Module/powershellYK.psd1 +++ b/Module/powershellYK.psd1 @@ -83,6 +83,7 @@ CmdletsToExport = @( 'Unlock-YubiKey', 'Connect-YubiKeyFIDO2', 'Enable-YubiKeyFIDO2EnterpriseAttestation', + 'Export-YubiKeyFIDO2Blob', 'Get-YubiKeyFIDO2', 'Get-YubiKeyFIDO2Credential', 'New-YubiKeyFIDO2Credential', From 5f58ad17a72a7a94c6f48d110d1061ad6b49e8b0 Mon Sep 17 00:00:00 2001 
From: Oscar Virot Date: Fri, 20 Mar 2026 00:27:16 +0100 Subject: [PATCH 05/21] Readd the AssemblyLoadContext-loader (#188) Create own AssemblyLoadContext to stop the issues with missmatches between dependency versions This is readding from the 2024 code. --- .github/workflows/main.yaml | 15 +++- Module/powershellYK.psd1 | 2 +- build.ps1 | 6 +- powershellYK.sln | 10 +++ powershellYK_loader/loader.cs | 76 +++++++++++++++++++ .../powershellYK_loader.csproj | 14 ++++ 6 files changed, 118 insertions(+), 5 deletions(-) create mode 100644 powershellYK_loader/loader.cs create mode 100644 powershellYK_loader/powershellYK_loader.csproj diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index dd5ff13..ac34f51 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -43,14 +43,27 @@ jobs: - name: Checkout code uses: actions/checkout@v2 - - name: Setup .NET + - name: Setup .NET 8 uses: actions/setup-dotnet@v2 with: dotnet-version: '8.x.x' # Specify the .NET version you're using + - name: Setup .NET 9 + uses: actions/setup-dotnet@v2 + with: + dotnet-version: '9.x.x' # Specify the .NET version you're using + + - name: Setup .NET 10 + uses: actions/setup-dotnet@v2 + with: + dotnet-version: '10.x.x' # Specify the .NET version you're using + - name: Install dependencies run: dotnet restore + - name: Build loader + run: dotnet build --no-restore -c Release powershellYK_loader/powershellYK_loader.csproj --output release + - name: Build run: dotnet build --no-restore -c Release Module/powershellYK.csproj --output release diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1 index f468d79..39d000a 100644 --- a/Module/powershellYK.psd1 +++ b/Module/powershellYK.psd1 
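Review bot: The two added setup steps reference `actions/setup-dotnet@v2` by a mutable tag, so the code that runs in the build can change without any change to this repository; pinning each `uses:` to a full commit SHA, e.g. `uses: actions/setup-dotnet@<full-commit-sha> # v2`, keeps the build inputs fixed. From what is visible in this patch, both the loader project and build.ps1 target `net8.0`, so it is worth confirming that the .NET 9 and 10 SDKs are needed at all. The copied comment `# Specify the .NET version you're using` on the new steps could instead say why each extra SDK is installed. The steps list starts and continues outside the hunk.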
@@ -66,7 +66,7 @@ PowerShellVersion = '7.0' # FormatsToProcess = @('powershellYK.format.ps1xml') # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -NestedModules = @() +NestedModules = @('powershellYK_loader.dll') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. # FunctionsToExport = @() diff --git a/build.ps1 b/build.ps1 index 65ba0df..7e2615f 100644 --- a/build.ps1 +++ b/build.ps1 @@ -4,11 +4,11 @@ if (Test-Path 'release') { $Directory = New-Item -Type Directory 'release' dotnet publish module --nologo --framework 'net8.0' --output "$($Directory.fullname)" -#dotnet publish powershellYK_loader --nologo --framework 'net8.0' --output "$($Directory.fullname)\loader" +dotnet publish powershellYK_loader --nologo --framework 'net8.0' --output "$($Directory.fullname)\loader" -#Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.dll" "$($Directory.fullname)\module" +Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.dll" "$($Directory.fullname)" #Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.pdb" "$($Directory.fullname)\module" -#Remove-Item -Recurse "$($Directory.fullname)\loader" +Remove-Item -Recurse "$($Directory.fullname)\loader" #Move-Item "$($Directory.fullname)\module\powershellYK.psd1" "$($Directory.fullname)" #Move-Item "$($Directory.fullname)\module\powershellYK.format.ps1xml" "$($Directory.fullname)" diff --git a/powershellYK.sln b/powershellYK.sln index d73954f..1a151a5 100644 --- a/powershellYK.sln +++ b/powershellYK.sln 
@@ -5,6 +5,8 @@ VisualStudioVersion = 17.9.34728.123 MinimumVisualStudioVersion = 10.0.40219.1 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "powershellYK", "Module\powershellYK.csproj", "{31A0A7CD-FE21-417D-9F8A-6F8E31915D10}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "powershellYK_loader", "powershellYK_loader\powershellYK_loader.csproj", "{176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -21,6 +23,14 @@ Global {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|Any CPU.Build.0 = Release|Any CPU {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|x64.ActiveCfg = Release|x64 {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|x64.Build.0 = Release|x64 + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|Any CPU.Build.0 = Debug|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|x64.ActiveCfg = Debug|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|x64.Build.0 = Debug|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|Any CPU.ActiveCfg = Release|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|Any CPU.Build.0 = Release|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|x64.ActiveCfg = Release|Any CPU + {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|x64.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE diff --git a/powershellYK_loader/loader.cs b/powershellYK_loader/loader.cs new file mode 100644 index 0000000..3154bae --- /dev/null +++ b/powershellYK_loader/loader.cs 
@@ -0,0 +1,76 @@ +// taken from https://github.com/PalmEmanuel/Isol8/blob/main/Source/Assets/ModuleIsolation.cs + +using System.Reflection; +using System.Management.Automation; +using System.Runtime.Loader; +using System.IO; + +namespace powershellYK_loader +{ + + // Implement interfaces for interacting with loading logic of PowerShell + public abstract class ModuleInitializer : IModuleAssemblyInitializer, IModuleAssemblyCleanup + { + // Create a new custom ALC and provide the directory + private static Isol8AssemblyLoadContext alc; + public ModuleInitializer(string assemblyName) + { + ModuleName = assemblyName; + alc = new Isol8AssemblyLoadContext(dependencyDirectory, assemblyName); + } + + // Runs when Import-Module is run on our module, but in this case also when referred to in NestedModules + public void OnImport() => AssemblyLoadContext.Default.Resolving += ResolveAssembly; + // Runs when user runs Remove-Module on our module + public void OnRemove(PSModuleInfo psModuleInfo) => AssemblyLoadContext.Default.Resolving -= ResolveAssembly; + + // Name of initializer assembly + public static string ModuleName { get; set; } + // Get directory of this assembly, and use that directory to load dependencies from + private static readonly string dependencyDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); + + // Resolve assembly by name if it's the Isol8 dll being loaded by the default ALC + // We know it's the default ALC because of OnImport above + public static Assembly? ResolveAssembly(AssemblyLoadContext defaultAlc, AssemblyName assemblyName) + { + return assemblyName.Name == ModuleName ? 
+ alc.LoadFromAssemblyName(assemblyName) : + null; + } + } + + // We create our own ALC by inheriting from AssemblyLoadContext and overriding the Load() method + // We can also change the constructor to take a path which we load from, which we do here + public class Isol8AssemblyLoadContext : AssemblyLoadContext + { + // The path which we try to load the assemblies from + private readonly string dependencyDirectory; + + // We can call the base constructor to set a name for the ALC + // There are more options such as marking our ALC as collectible to enable unloading it, but that doesn't work with PowerShell + public Isol8AssemblyLoadContext(string path, string moduleName) : base(moduleName) + { + dependencyDirectory = path; + } + + // Override the Load() method and try to load the module as a DLL file in the provided directory if it exists + protected override Assembly Load(AssemblyName assemblyName) + { + var assemblyPath = Path.Join(dependencyDirectory, $"{assemblyName.Name}.dll"); + + // If it exists we can load it from the path + if (File.Exists(assemblyPath)) + { + return LoadFromAssemblyPath(assemblyPath); + } + + // Returning null once more lets the loader know that we didn't load the module, and lets it try something else + return null; + } + + } + public class powershellYKModuleInitializer : ModuleInitializer + { + public powershellYKModuleInitializer() : base("powershellYK") { } + } +} diff --git a/powershellYK_loader/powershellYK_loader.csproj b/powershellYK_loader/powershellYK_loader.csproj new file mode 100644 index 0000000..2ab749e --- /dev/null +++ b/powershellYK_loader/powershellYK_loader.csproj @@ -0,0 +1,14 @@ + + + + net8.0 + enable + enable + + + + + + + + From a22561c84ff4467f033bf65b8cc2adda01b37d53 Mon Sep 17 00:00:00 2001 
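Review bot: In ModuleInitializer the process-wide state is mutable from outside: `ModuleName` is declared `public static string ModuleName { get; set; }` and the static `alc` is assigned in the instance constructor, so any code in the session can change which assembly name ResolveAssembly redirects into the isolated context, and a second initializer instance replaces the context. Narrowing the property to `public static string ModuleName { get; private set; } = string.Empty;` would close the first of these. `Isol8AssemblyLoadContext.Load` returns `null` from a method declared to return `Assembly`; since the project appears to enable nullable, the signature should be `protected override Assembly? Load(AssemblyName assemblyName)`. Load also picks `{Name}.dll` from the module directory by simple name only, without looking at the requested version or public key token, so a comment stating that the module directory must not be writable by unprivileged users would help.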
From: Oscar Virot Date: Thu, 19 Mar 2026 19:32:49 +0100 Subject: [PATCH 06/21] Update platyPS to 1.0.1 (#187) * Updated PlatyPS to Microsoft.PowerShell.PlatyPS 1.0.1 * Fix so all current documentation is build from code * Update code to fit what we want to have in documentation --- Docs/Commands/Assert-YubikeyPIV.md | 107 ++- Docs/Commands/Block-YubikeyPIV.md | 154 ++-- ...ild-YubiKeyPIVCertificateSigningRequest.md | 222 ++++-- .../Build-YubikeyPIVSignCertificate.md | 387 ++++++---- .../Commands/Confirm-YubiKeyPIVAttestation.md | 273 +++++-- Docs/Commands/Connect-Yubikey.md | 79 +- Docs/Commands/Connect-YubikeyFIDO2.md | 63 +- Docs/Commands/Connect-YubikeyOATH.md | 55 +- Docs/Commands/Connect-YubikeyPIV.md | 94 ++- Docs/Commands/ConvertTo-AltSecurity.md | 71 +- Docs/Commands/Disconnect-Yubikey.md | 30 +- ...nable-YubikeyFIDO2EnterpriseAttestation.md | 77 +- .../Commands/Enable-powershellYKSDKLogging.md | 31 +- Docs/Commands/Export-YubikeyPIVCertificate.md | 127 +++- Docs/Commands/Find-Yubikey.md | 79 +- Docs/Commands/Get-Yubikey.md | 29 +- Docs/Commands/Get-YubikeyBIOFingerprint.md | 29 +- Docs/Commands/Get-YubikeyFIDO2.md | 29 +- Docs/Commands/Get-YubikeyFIDO2Credential.md | 95 ++- Docs/Commands/Get-YubikeyOATH.md | 29 +- Docs/Commands/Get-YubikeyOATHAccount.md | 29 +- Docs/Commands/Get-YubikeyOTP.md | 29 +- Docs/Commands/Get-YubikeyPIV.md | 54 +- Docs/Commands/Get-powershellYKInfo.md | 37 +- Docs/Commands/Import-YubikeyPIV.md | 331 ++++++--- Docs/Commands/Lock-Yubikey.md | 53 +- Docs/Commands/Move-YubikeyPIV.md | 171 +++-- Docs/Commands/New-YubiKeyFIDO2Credential.md | 406 ++++++---- Docs/Commands/New-YubikeyOATHAccount.md | 260 ++++--- Docs/Commands/New-YubikeyPIVKey.md | 243 ++++-- Docs/Commands/New-YubikeyPIVSelfSign.md | 178 +++-- Docs/Commands/Protect-YubikeyOATH.md | 2 +- .../Register-YubikeyBIOFingerprint.md | 55 +- Docs/Commands/Remove-YubiKeyBIOFingerprint.md | 134 ++-- .../Commands/Remove-YubikeyFIDO2Credential.md | 166 +++-- 
Docs/Commands/Remove-YubikeyOATHAccount.md | 54 +- Docs/Commands/Remove-YubikeyOTP.md | 136 +++- Docs/Commands/Remove-YubikeyPIVKey.md | 112 ++- Docs/Commands/Rename-YubikeyBIOFingerprint.md | 106 ++- Docs/Commands/Rename-YubikeyOATHAccount.md | 109 ++- Docs/Commands/Request-YubikeyOATHCode.md | 78 +- Docs/Commands/Request-YubikeyOTPChallange.md | 114 ++- Docs/Commands/Reset-YubiKeyBioMPE.md | 84 ++- Docs/Commands/Reset-YubikeyFIDO2.md | 81 +- Docs/Commands/Reset-YubikeyOATH.md | 82 +- Docs/Commands/Reset-YubikeyPIV.md | 111 ++- Docs/Commands/Set-YubiKeyOATHPassword.md | 77 +- Docs/Commands/Set-YubiKeyOTPSlotAccessCode.md | 220 ++++-- Docs/Commands/Set-Yubikey.md | 401 ++++++---- Docs/Commands/Set-YubikeyFIDO2.md | 183 +++-- Docs/Commands/Set-YubikeyFIDO2PIN.md | 80 +- Docs/Commands/Set-YubikeyOTP.md | 702 +++++++++++++----- Docs/Commands/Set-YubikeyPIV.md | 523 ++++++++----- Docs/Commands/Switch-YubikeyOTP.md | 81 +- Docs/Commands/Unblock-YubikeyPIV.md | 146 ++-- Docs/Commands/Unlock-Yubikey.md | 55 +- Docs/Commands/Unprotect-YubikeyOATH.md | 81 +- Docs/Commands/powershellYK.md | 74 +- .../BIO/RegisterYubiKeyBIOFingerprint.cs | 2 +- Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs | 2 +- Module/Cmdlets/OTP/SetYubikeyOTP.cs | 8 +- ...uildYubiKeyPIVCertificateSigningRequest.cs | 6 +- .../PIV/BuildYubikeyPIVSignCertificate.cs | 2 +- Module/Cmdlets/PIV/ConnectYubikeyPIV.cs | 4 +- Module/Cmdlets/PIV/ImportYubiKeyPIV.cs | 8 +- Module/Cmdlets/Yubikey/ConnectYubikey.cs | 2 +- Module/Cmdlets/Yubikey/FindYubikey.cs | 2 +- Module/Cmdlets/Yubikey/SetYubikey.cs | 14 +- build.ps1 | 34 +- 69 files changed, 5556 insertions(+), 2426 deletions(-) diff --git a/Docs/Commands/Assert-YubikeyPIV.md b/Docs/Commands/Assert-YubikeyPIV.md index 3388bc5..d0f485e 100644 --- a/Docs/Commands/Assert-YubikeyPIV.md +++ b/Docs/Commands/Assert-YubikeyPIV.md 
@@ -1,33 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Assert-YubiKeyPIV ## SYNOPSIS + Create attestation certificate ## SYNTAX ### ExportToFile + ``` Assert-YubiKeyPIV -Slot -OutFile [] ``` ### DisplayOnScreen + ``` Assert-YubiKeyPIV -Slot [-PEMEncoded] [] ``` +## ALIASES + ## DESCRIPTION + Create and export attestation certificate for a slot ## EXAMPLES ### Example 1 + ```powershell PS C:\> Assert-YubikeyPIV -Slot 0x9a -OutFile attestation.cer ``` 
@@ -37,52 +46,80 @@ Creates and exports the attestation certificate for slot 0x9a ## PARAMETERS ### -OutFile -Location of attestation certificate + +Location of the attestation certificate ```yaml -Type: FileInfo -Parameter Sets: ExportToFile -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ExportToFile + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PEMEncoded -Encode output as PEM. + +Encode output as PEM ```yaml -Type: SwitchParameter -Parameter Sets: DisplayOnScreen -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: DisplayOnScreen + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot -YubiKey PIV Slot. 
+ +Yubikey PIV Slot ```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ExportToFile + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: DisplayOnScreen + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -91,6 +128,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Block-YubikeyPIV.md b/Docs/Commands/Block-YubikeyPIV.md index 8bf1fc4..eeff554 100644 --- a/Docs/Commands/Block-YubikeyPIV.md +++ b/Docs/Commands/Block-YubikeyPIV.md 
@@ -1,38 +1,48 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Block-YubikeyPIV ## SYNOPSIS + Block out PIN or PUK codes ## SYNTAX ### BlockBoth + ``` -Block-YubikeyPIV [-PIN] [-PUK] [-WhatIf] [-Confirm] [] +Block-YubiKeyPIV -PIN -PUK [-WhatIf] [-Confirm] [] ``` ### BlockPIN + ``` -Block-YubikeyPIV [-PIN] [-WhatIf] [-Confirm] [] +Block-YubiKeyPIV -PIN [-WhatIf] [-Confirm] [] ``` ### BlockPUK + ``` -Block-YubikeyPIV [-PUK] [-WhatIf] [-Confirm] [] +Block-YubiKeyPIV -PUK [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Allows you to block the PIN and/or PUK for YubiKey PIV ## EXAMPLES ### Example 1 + ```powershell PS C:\> Block-YubikeyPIV -PUK ``` @@ -40,6 +50,7 @@ PS C:\> Block-YubikeyPIV -PUK Block the PUK code. ### Example 2 + ```powershell PS C:\> Block-YubikeyPIV -PUK -PIN ``` 
@@ -48,69 +59,110 @@ This blocks both the PIN and the PUK. ## PARAMETERS -### -PIN -Blocks the PIN +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: BlockBoth, BlockPIN +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -PUK -Block the PUK +### -PIN -```yaml -Type: SwitchParameter -Parameter Sets: BlockBoth, BlockPUK -Aliases: +Block the PIN for the PIV device -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: BlockBoth + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: BlockPIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. 
+### -PUK + +Block the PUK for the PIV device ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: BlockBoth + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: BlockPUK + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -119,6 +171,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Build-YubiKeyPIVCertificateSigningRequest.md b/Docs/Commands/Build-YubiKeyPIVCertificateSigningRequest.md index 59bc52e..f41aced 100644 --- a/Docs/Commands/Build-YubiKeyPIVCertificateSigningRequest.md +++ b/Docs/Commands/Build-YubiKeyPIVCertificateSigningRequest.md 
@@ -1,36 +1,45 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Build-YubiKeyPIVCertificateSigningRequest ## SYNOPSIS + Creates a CSR for a slot in the YubiKey. ## SYNTAX ### With Attestation + ``` -Build-YubiKeyPIVCertificateSigningRequest -Slot [-Attestation] [-AttestationLocation ] - [-Subjectname ] [-OutFile ] [-HashAlgorithm ] [-PEMEncoded] - [] +Build-YubiKeyPIVCertificateSigningRequest -Slot -Attestation + [-AttestationLocation ] [-Subjectname ] [-OutFile ] + [-HashAlgorithm ] [-PEMEncoded] [] ``` ### Without Attestation + ``` -Build-YubiKeyPIVCertificateSigningRequest -Slot [-Subjectname ] [-OutFile ] - [-HashAlgorithm ] [-PEMEncoded] [] +Build-YubiKeyPIVCertificateSigningRequest -Slot [-Subjectname ] + [-OutFile ] [-HashAlgorithm ] [-PEMEncoded] [] ``` +## ALIASES + ## DESCRIPTION + Cmdlet that allows the creating of CSR to send to a CA. This allows the configuration of what the CSR should contain. ## EXAMPLES ### Example 1 + ```powershell PS C:\> $CSR = Build-YubiKeyPIVCertificateSigningRequest -Slot 0x9a -Subjectname 'CN=User,O=Company,C=SE' ``` @@ -38,6 +47,7 @@ PS C:\> $CSR = Build-YubiKeyPIVCertificateSigningRequest -Slot 0x9a -Subjectname Would create a CSR with the Subjectname "CN=User,O=Company,C=SE" and store it in the variable $CSR. ### Example 2 + ```powershell PS C:\> Build-YubiKeyPIVCertificateSigningRequest -Slot 0x9a -OutFile "$($env:TEMP)\certificate_request.req" ``` @@ -45,6 +55,7 @@ PS C:\> Build-YubiKeyPIVCertificateSigningRequest -Slot 0x9a -OutFile "$($env:TE Would create a CSR with the default Subjectname and store it as certificate_request.req in the temp folder. ### Example 3 + ```powershell PS C:\> $CSR = Build-YubiKeyPIVCertificateSigningRequest -Slot 0x9a -Attestation -PEMEncoded ``` 
@@ -54,117 +65,174 @@ Would create a CSR with attestation included and store it in the variable $CSR ## PARAMETERS ### -Attestation -Include attestion certificate in CSR + +Include attestation certificate in CSR ```yaml -Type: SwitchParameter -Parameter Sets: With Attestation -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: With Attestation + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -AttestationLocation -OID to store attestation in CSR + +OID location to store attestation in CSR. Legacy stores the attestation in the .11 OID as yubico-piv-tool used until 2025. Standard stores the attestation in the .1 OID as yubico-piv-tool uses from 2025. Both stores the attestation in both OIDs. ```yaml -Type: String -Parameter Sets: With Attestation -Aliases: -Accepted values: Both, Legacy, Standard - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: With Attestation + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Both +- Legacy +- Standard +HelpMessage: '' ``` ### -HashAlgorithm + HashAlgoritm, this will be forced to correct for ECC. 
```yaml -Type: HashAlgorithmName -Parameter Sets: (All) -Aliases: -Accepted values: SHA1, SHA256, SHA384, SHA512 - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.HashAlgorithmName +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- SHA1 +- SHA256 +- SHA384 +- SHA512 +HelpMessage: '' ``` ### -OutFile + Save CSR as file ```yaml -Type: FileInfo -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PEMEncoded + Encode output as PEM ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot + Create a CSR for slot ```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false 
+Aliases: [] +ParameterSets: +- Name: With Attestation + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Without Attestation + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Subjectname + Subjectname of certificate ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -173,6 +241,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Build-YubikeyPIVSignCertificate.md b/Docs/Commands/Build-YubikeyPIVSignCertificate.md index 09aa4f5..a397522 100644 
--- a/Docs/Commands/Build-YubikeyPIVSignCertificate.md +++ b/Docs/Commands/Build-YubikeyPIVSignCertificate.md @@ -1,30 +1,50 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Build-YubiKeyPIVSignCertificate ## SYNOPSIS + Sign a certificate request with a YubiKey. ## SYNTAX +### Default (Default) + ``` Build-YubiKeyPIVSignCertificate -CertificateRequest -Slot [-HashAlgorithm ] [-OutFile ] [-PEMEncoded] [-Subjectname ] - [-NotBefore ] [-NotAfter ] [-SerialNumber ] [-CertificateAuthority] - [-SubjectAltName ] [-KeyUsage ] [-AIAUrl ] [] + [-NotBefore ] [-NotAfter ] [-SerialNumber ] + [-CertificateAuthority] [-SubjectAltName ] [-KeyUsage ] + [-AIAUrl ] [] +``` + +### __AllParameterSets + +``` +Build-YubiKeyPIVSignCertificate -CertificateRequest -Slot + [-HashAlgorithm ] [-OutFile ] [-PEMEncoded] [-SKI ] + [-Subjectname ] [-NotBefore ] [-NotAfter ] + [-SerialNumber ] [-CertificateAuthority] [-SubjectAltName ] + [-KeyUsage ] [-AIAUrl ] [] ``` +## ALIASES + ## DESCRIPTION + Allows the signing of a certificate request with a YubiKey. The certificate request must be in the form of a CSR in PEM format with the following properties: ## EXAMPLES ### Example 1 + ```powershell PS C:\> Build-YubikeyPIVSignCertificate -CertificateRequest "C:\temp\input.csr" -Slot 0x9d -Subjectname "CN=Signed site" -SubjectAltName ("DNS siteurl","DNS second.url") -OutFile "C:\temp\server.cer" ``` 
@@ -35,205 +55,320 @@ The certificate will contain the Subjectname "CN=Signed site" and the alternativ ## PARAMETERS ### -AIAUrl + AIA URL to include in signed certificates ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateAuthority + Make this a CA certificate ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateRequest + Certificate request ```yaml -Type: PSObject -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -HashAlgorithm + HashAlgoritm ```yaml -Type: HashAlgorithmName -Parameter Sets: (All) -Aliases: -Accepted values: SHA1, SHA256, SHA384, SHA512 - -Required: False -Position: Named -Default 
value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.HashAlgorithmName +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- SHA1 +- SHA256 +- SHA384 +- SHA512 +HelpMessage: '' ``` ### -KeyUsage + Key usage options to include ```yaml -Type: X509KeyUsageFlags -Parameter Sets: (All) -Aliases: -Accepted values: None, EncipherOnly, CrlSign, KeyCertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.X509Certificates.X509KeyUsageFlags +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- EncipherOnly +- CrlSign +- KeyCertSign +- KeyAgreement +- DataEncipherment +- KeyEncipherment +- NonRepudiation +- DigitalSignature +- DecipherOnly +HelpMessage: '' ``` ### -NotAfter + Certificate to be valid until ```yaml -Type: DateTimeOffset -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.DateTimeOffset +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NotBefore + Certificate to be valid from ```yaml -Type: DateTimeOffset 
-Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.DateTimeOffset +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -OutFile + Output file ```yaml -Type: FileInfo -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PEMEncoded + Encode output as PEM ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -SerialNumber + Serial number for certificate ```yaml -Type: Byte[] -Parameter Sets: (All) -Aliases: +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -SKI 
-Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Custom SKI for debugging + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot + Slot to sign certificate with ```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -SubjectAltName + SubjectAlternativeNames for the certificate Start each string with DNS, MAIL or UPN and a space before the value. 
```yaml -Type: String[] -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Subjectname -Subjectname of certificate -```yaml -Type: String -Parameter Sets: (All) -Aliases: +Subject name of certificate -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -242,6 +377,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + 
diff --git a/Docs/Commands/Confirm-YubiKeyPIVAttestation.md b/Docs/Commands/Confirm-YubiKeyPIVAttestation.md
index 273bc76..714223a 100644
--- a/Docs/Commands/Confirm-YubiKeyPIVAttestation.md
+++ b/Docs/Commands/Confirm-YubiKeyPIVAttestation.md
@@ -1,67 +1,84 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Confirm-YubiKeyPIVAttestation ## SYNOPSIS + Confirm YubiKey Attestation. ## SYNTAX ### requestWithExternalAttestation-Object + ``` Confirm-YubiKeyPIVAttestation -CertificateRequest - -AttestationCertificate -IntermediateCertificate [] + -AttestationCertificate -IntermediateCertificate + [] ``` ### requestWithBuiltinAttestation-Object + ``` Confirm-YubiKeyPIVAttestation -CertificateRequest [] ``` ### requestWithExternalAttestation-File + ``` -Confirm-YubiKeyPIVAttestation -CertificateRequestFile -AttestationCertificateFile - -IntermediateCertificateFile [] +Confirm-YubiKeyPIVAttestation -CertificateRequestFile + -AttestationCertificateFile -IntermediateCertificateFile [] ``` ### requestWithBuiltinAttestation-File + ``` Confirm-YubiKeyPIVAttestation -CertificateRequestFile [] ``` ### JustAttestCertificate-Object + ``` Confirm-YubiKeyPIVAttestation -AttestationCertificate -IntermediateCertificate [] ``` ### JustAttestCertificate-File + ``` -Confirm-YubiKeyPIVAttestation -AttestationCertificateFile -IntermediateCertificateFile - [] +Confirm-YubiKeyPIVAttestation -AttestationCertificateFile + -IntermediateCertificateFile [] ``` ### CertificateIncludingAttestation-Object + ``` -Confirm-YubiKeyPIVAttestation -CertificateIncludingAttestation [] +Confirm-YubiKeyPIVAttestation -CertificateIncludingAttestation + [] ``` ### CertificateIncludingAttestation-File + ``` Confirm-YubiKeyPIVAttestation -CertificateIncludingAttestationFile [] ``` +## ALIASES + ## DESCRIPTION + This cmdlet allows for verification of the attestation of YubiKeys. This can be used both to verify the attestation certificate and Certificate Request with and without built in attestation. 
## EXAMPLES ### Example 1 + ```powershell PS C:\> New-YubikeyPIVCSR -Slot 0x9a -Attestation -OutFile csr.pem PS C:\> Confirm-YubiKeyPIVAttestation -CertificateRequestFile csr.pem @@ -82,6 +99,7 @@ Verify the certificate request created by New-YubikeyPIVCSR -Attestation. Since this is a certificate request, *AttestationMatchesCSR* has a value. ### Example 2 + ```powershell PS C:\> Confirm-YubiKeyPIVAttestation -AttestationCertificate (Assert-YubikeyPIV -Slot 0x9a) -IntermediateCertificate (Export-YubikeyPIVCertificate -AttestationIntermediateCertificate) @@ -101,6 +119,7 @@ Verify the certificate request created by exported attestation and intermediate Since this did not include a Certificate Request, *AttestationMatchesCSR* is null. ### Example 3 + ```powershell PS C:\> Confirm-YubiKeyPIVAttestation -CertificateRequestFile csr.pem -AttestationCertificateFile attestation.pem -IntermediateCertificateFile intermediate.pem 
@@ -123,127 +142,215 @@ All three files should be provided as PEM files by the requesting party. ## PARAMETERS ### -AttestationCertificate + AttestationCertificate ```yaml -Type: X509Certificate2 -Parameter Sets: requestWithExternalAttestation-Object, JustAttestCertificate-Object -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.X509Certificates.X509Certificate2 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: JustAttestCertificate-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -AttestationCertificateFile + AttestationCertificate ```yaml -Type: FileInfo -Parameter Sets: requestWithExternalAttestation-File, JustAttestCertificate-File -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: JustAttestCertificate-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateIncludingAttestation + CertificateIncludingAttestation ```yaml -Type: X509Certificate2 -Parameter Sets: CertificateIncludingAttestation-Object -Aliases: - -Required: True -Position: 
Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.X509Certificates.X509Certificate2 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: CertificateIncludingAttestation-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateIncludingAttestationFile + CertificateIncludingAttestation ```yaml -Type: FileInfo -Parameter Sets: CertificateIncludingAttestation-File -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: CertificateIncludingAttestation-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateRequest + CSR to check ```yaml -Type: CertificateRequest -Parameter Sets: requestWithExternalAttestation-Object, requestWithBuiltinAttestation-Object -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.X509Certificates.CertificateRequest +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: requestWithBuiltinAttestation-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### 
-CertificateRequestFile + CSR to check ```yaml -Type: FileInfo -Parameter Sets: requestWithExternalAttestation-File, requestWithBuiltinAttestation-File -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: requestWithBuiltinAttestation-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -IntermediateCertificate + IntermediateCertificate ```yaml -Type: X509Certificate2 -Parameter Sets: requestWithExternalAttestation-Object, JustAttestCertificate-Object -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.Cryptography.X509Certificates.X509Certificate2 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: JustAttestCertificate-Object + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -IntermediateCertificateFile + IntermediateCertificate ```yaml -Type: FileInfo -Parameter Sets: requestWithExternalAttestation-File, JustAttestCertificate-File -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: 
System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: requestWithExternalAttestation-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: JustAttestCertificate-File + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -252,6 +359,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Connect-Yubikey.md b/Docs/Commands/Connect-Yubikey.md index f9f98ab..2cfb2e6 100644 --- a/Docs/Commands/Connect-Yubikey.md +++ b/Docs/Commands/Connect-Yubikey.md 
@@ -1,38 +1,48 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Connect-Yubikey ## SYNOPSIS + Connect the module to the YubiKey. ## SYNTAX ### Connect single Yubikey (Default) + ``` -Connect-Yubikey [] +Connect-YubiKey [] ``` ### Connect provided Yubikey + ``` -Connect-Yubikey [[-YubiKey] ] [] +Connect-YubiKey [[-YubiKey] ] [] ``` ### Connect Yubikey with Serialnumber + ``` -Connect-Yubikey [-Serialnumber ] [] +Connect-YubiKey [-Serialnumber ] [] ``` +## ALIASES + ## DESCRIPTION + The `Connect-Yubikey` cmdlet allows the module connect to a YubiKey. The command allows specific YubiKey to be connected. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Connect-Yubikey ``` @@ -40,6 +50,7 @@ PS C:\> Connect-Yubikey Try to connect to a single YubiKey, will fail if number of connected YubiKeys aren't one. ### Example 2 + ```powershell PS C:\> Connect-Yubikey -Serialnumber -Serialnumber 12345 ``` 
@@ -49,37 +60,53 @@ Connect to a specific YubiKey with serial 12345 ## PARAMETERS ### -Serialnumber + Connect to YubiKey with Serialnumber ```yaml -Type: Int32 -Parameter Sets: Connect Yubikey with Serialnumber -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[System.Int32] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Connect Yubikey with Serialnumber + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -YubiKey + Which YubiKey to connect to ```yaml -Type: YubiKeyDevice -Parameter Sets: Connect provided Yubikey -Aliases: - -Required: False -Position: 0 -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyDevice +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Connect provided Yubikey + Position: 0 + IsRequired: false + ValueFromPipeline: true + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -88,6 +115,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Connect-YubikeyFIDO2.md b/Docs/Commands/Connect-YubikeyFIDO2.md index d191bf8..cc32fca 100644 --- a/Docs/Commands/Connect-YubikeyFIDO2.md +++ b/Docs/Commands/Connect-YubikeyFIDO2.md @@ -1,28 +1,43 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Connect-YubiKeyFIDO2 ## SYNOPSIS + Connect to the FIDO2 session. ## SYNTAX +### Default (Default) + ``` Connect-YubiKeyFIDO2 -PIN [] ``` +### __AllParameterSets + +``` +Connect-YubiKeyFIDO2 -PIN [] +``` + +## ALIASES + ## DESCRIPTION + Allows FIDO2 commands to be sent to the YubiKey Must be run as Administrator ## EXAMPLES ### Example 1 + ```powershell PS C:\> Connect-YubikeyFIDO2 
@@ -32,44 +47,56 @@ Supply values for the following parameters: PIN: ****** ``` -Connect to FIDO2 module with default ManagmentKey +Connect to FIDO2 module ### Example 2 + ```powershell PS C:\> $PIN = Read-Host -AsSecureString 'PIN' PIN: ****** PS C:\> Connect-YubikeyFIDO2 -PIN $PIN ``` -Connect to FIDO2 module with default Managementkey and a stored pin requested from the commandline +Connect to FIDO2 module with and a stored pin requested from the commandline ### Example 3 + ```powershell PS C:\> $PIN = ConvertTo-SecureString -String "123456" -AsPlainText -Force PS C:\> Connect-YubikeyFIDO2 -PIN $PIN ``` -Connect to FIDO2 module with default Managementkey and a stored pin requested constructed from code +Connect to FIDO2 module with a stored pin requested constructed from code ## PARAMETERS ### -PIN -FIDO2 PIN + +PIN ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -78,6 +105,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Connect-YubikeyOATH.md b/Docs/Commands/Connect-YubikeyOATH.md index 42d7690..9aaf61d 100644 --- a/Docs/Commands/Connect-YubikeyOATH.md +++ b/Docs/Commands/Connect-YubikeyOATH.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Connect-YubiKeyOATH ## SYNOPSIS + Connect to the OATH part of the connected YubiKey. ## SYNTAX +### Default (Default) + ``` Connect-YubiKeyOATH -Password [] ``` +### Password (Default) + +``` +Connect-YubiKeyOATH -Password [] +``` + +## ALIASES + ## DESCRIPTION + {{ Fill in the Description }} ## EXAMPLES ### Example 1 + ```powershell PS C:\> Connect-YubikeyOATH ``` 
@@ -31,22 +46,32 @@ Connect to the OATH part of the connected YubiKey. ## PARAMETERS ### -Password -Password + +Password provided as a SecureString. ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Password + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -55,6 +80,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Connect-YubikeyPIV.md b/Docs/Commands/Connect-YubikeyPIV.md index 718c5c7..f3f504b 100644 --- a/Docs/Commands/Connect-YubikeyPIV.md +++ b/Docs/Commands/Connect-YubikeyPIV.md 
@@ -1,38 +1,48 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Connect-YubikeyPIV ## SYNOPSIS + Connect PIV module ## SYNTAX ### PIN (Default) + ``` -Connect-YubikeyPIV -PIN [] +Connect-YubiKeyPIV -PIN [] ``` ### PIN&Management + ``` -Connect-YubikeyPIV -ManagementKey -PIN [] +Connect-YubiKeyPIV -ManagementKey -PIN [] ``` ### Management + ``` -Connect-YubikeyPIV -ManagementKey [] +Connect-YubiKeyPIV -ManagementKey [] ``` +## ALIASES + ## DESCRIPTION + Connects the PIV module for the currently connected YubiKey, with PIN and Management Key as needed ## EXAMPLES ### Example 1 + ```powershell PS C:\> Connect-YubikeyPIV @@ -45,6 +55,7 @@ PIN: ****** Connect to PIV module with default Managment Key ### Example 2 + ```powershell PS C:\> $PIN = Read-Host -AsSecureString 'PIN' PIN: ****** @@ -54,6 +65,7 @@ PS C:\> Connect-YubikeyPIV -PIN $PIN Connect to PIV module with default Management key and a stored pin requested from the command line ### Example 3 + ```powershell PS C:\> $PIN = ConvertTo-SecureString -String "123456" -AsPlainText -Force PS C:\> Connect-YubikeyPIV -PIN $PIN 
@@ -64,37 +76,65 @@ Connect to PIV module with default Managementkey and a stored PIN requested cons ## PARAMETERS ### -ManagementKey -ManagementKey + +Management key ```yaml -Type: PSObject -Parameter Sets: PIN&Management, Management -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: PIN&Management + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Management + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PIN + PIN ```yaml -Type: SecureString -Parameter Sets: PIN, PIN&Management -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: PIN&Management + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: PIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -103,6 +143,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/ConvertTo-AltSecurity.md b/Docs/Commands/ConvertTo-AltSecurity.md index 0041661..e20d0f8 100644 --- a/Docs/Commands/ConvertTo-AltSecurity.md +++ b/Docs/Commands/ConvertTo-AltSecurity.md @@ -1,33 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # ConvertTo-AltSecurity ## SYNOPSIS + Generate the alt security security identities for a certificate ## SYNTAX ### From Certificate (Default) + ``` ConvertTo-AltSecurity [-Certificate] [] ``` ### From CertificateRequest + ``` ConvertTo-AltSecurity -CertificateRequest [] ``` +## ALIASES + ## DESCRIPTION + Creates all altSecurityIdentities and ssh keys for a given certificate. The altSecurityIdentities are created by taking the certificate's subject and issuer and creating a UPN and SPN from them. The ssh keys are created by taking the certificate's public key and creating the public part of a ssh key pair from it. ## EXAMPLES ### Example 1 + ```powershell PS C:\> ConvertTo-AltSecurity -Certificate SignedCertificate.cer 
@@ -48,37 +57,53 @@ Create all versions of altSecurityIdentities and ssh keys for the certificate Si ## PARAMETERS ### -Certificate + Certificate to extract info from ```yaml -Type: PSObject -Parameter Sets: From Certificate -Aliases: - -Required: True -Position: 0 -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: From Certificate + Position: 0 + IsRequired: true + ValueFromPipeline: true + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CertificateRequest + Certificate request ```yaml -Type: PSObject -Parameter Sets: From CertificateRequest -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: From CertificateRequest + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -87,6 +112,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Disconnect-Yubikey.md b/Docs/Commands/Disconnect-Yubikey.md index 0e4948d..fef9550 100644 --- a/Docs/Commands/Disconnect-Yubikey.md +++ b/Docs/Commands/Disconnect-Yubikey.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Disconnect-Yubikey ## SYNOPSIS + Disconnects the YubiKey ## SYNTAX +### Default (Default) + ``` Disconnect-Yubikey [] ``` +### __AllParameterSets + +``` +Disconnect-YubiKey [] +``` + +## ALIASES + ## DESCRIPTION + Disconnect Yubikey, to allow other processes to connect ## EXAMPLES ### Example 1 + ```powershell PS C:\> Disconnect-Yubikey ``` 
@@ -29,12 +44,17 @@ PS C:\> Disconnect-Yubikey Disconnects the YubiKey ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -43,6 +63,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Enable-YubikeyFIDO2EnterpriseAttestation.md b/Docs/Commands/Enable-YubikeyFIDO2EnterpriseAttestation.md index df9ca6f..64f320f 100644 --- a/Docs/Commands/Enable-YubikeyFIDO2EnterpriseAttestation.md +++ b/Docs/Commands/Enable-YubikeyFIDO2EnterpriseAttestation.md 
@@ -1,28 +1,43 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Enable-YubikeyFIDO2EnterpriseAttestation ## SYNOPSIS + Enables the Enterprise Attestion feature on the YubiKey FIDO2 device. ## SYNTAX +### Default (Default) + ``` Enable-YubikeyFIDO2EnterpriseAttestation [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +Enable-YubiKeyFIDO2EnterpriseAttestation [] +``` + +## ALIASES + ## DESCRIPTION + Enables the Enterprise Attestion feature on the YubiKey FIDO2 device. Is only avaialble on some Yubikey models. ## EXAMPLES ### Example 1 + ```powershell PS C:\> {{ Add example code here }} ``` 
@@ -32,38 +47,56 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf + Shows what would happen if the cmdlet runs. The cmdlet is not run. ```yaml Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -72,6 +105,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Enable-powershellYKSDKLogging.md b/Docs/Commands/Enable-powershellYKSDKLogging.md index c343107..d40a529 100644 --- a/Docs/Commands/Enable-powershellYKSDKLogging.md +++ b/Docs/Commands/Enable-powershellYKSDKLogging.md @@ -1,27 +1,42 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Enable-powershellYKSDKLogging ## SYNOPSIS + Enables logging from the Yubico SDK. ## SYNTAX +### Default (Default) + +``` +Enable-powershellYKSDKLogging [] +``` + +### __AllParameterSets + ``` Enable-powershellYKSDKLogging [] ``` +## ALIASES + ## DESCRIPTION + Enables logging from the Yubico SDK. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Enable-powershellYKSDKLogging ``` @@ -31,7 +46,11 @@ Enables logging from the Yubico SDK. ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -40,6 +59,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Export-YubikeyPIVCertificate.md b/Docs/Commands/Export-YubikeyPIVCertificate.md index 5411232..79ded40 100644 --- a/Docs/Commands/Export-YubikeyPIVCertificate.md +++ b/Docs/Commands/Export-YubikeyPIVCertificate.md @@ -1,34 +1,44 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Export-YubiKeyPIVCertificate ## SYNOPSIS + Export certificate from YubiKey PIV ## SYNTAX ### Slot + ``` -Export-YubiKeyPIVCertificate -Slot [-OutFile ] [-PEMEncoded] [] +Export-YubiKeyPIVCertificate -Slot [-OutFile ] [-PEMEncoded] + [] ``` ### AttestationCertificate + ``` -Export-YubiKeyPIVCertificate [-AttestationIntermediateCertificate] [-OutFile ] [-PEMEncoded] +Export-YubiKeyPIVCertificate -AttestationIntermediateCertificate [-OutFile ] [-PEMEncoded] [] ``` +## ALIASES + ## DESCRIPTION + Export certificates from YubiKey ## EXAMPLES ### Example 1 + ```powershell PS C:\> $Certificate = Export-YubikeyPIVCertificate -Slot 0x9a ``` @@ -36,6 +46,7 @@ PS C:\> $Certificate = Export-YubikeyPIVCertificate -Slot 0x9a Exports the certificate to a variable for futher processing. ### Example 2 + ```powershell PS C:\> Export-YubikeyPIVCertificate -Slot 0x9a -OutFile "$($env:TEMP)\exported_certificate.cer" ``` @@ -43,6 +54,7 @@ PS C:\> Export-YubikeyPIVCertificate -Slot 0x9a -OutFile "$($env:TEMP)\exported_ Exports the certificate from slot 0x9a and stores it as exported_certificate.cer in the temp folder. ### Example 3 + ```powershell PS C:\> Export-YubikeyPIVCertificate -AttestationCertificate -OutFile yubikey_intermediate_attestation.cer ``` 
@@ -52,67 +64,96 @@ Exports the builtin intermediate attestation certificate. ## PARAMETERS ### -AttestationIntermediateCertificate + Export Attestation certificate ```yaml -Type: SwitchParameter -Parameter Sets: AttestationCertificate -Aliases: AttestationCertificate - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- AttestationCertificate +ParameterSets: +- Name: AttestationCertificate + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -OutFile + Output file ```yaml -Type: FileInfo -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PEMEncoded + Encode output as PEM ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot + Slot to extract ```yaml -Type: PIVSlot -Parameter Sets: Slot -Aliases: - -Required: True -Position: Named -Default value: 
None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Slot + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -121,6 +162,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Find-Yubikey.md b/Docs/Commands/Find-Yubikey.md index bd6c252..6322719 100644 --- a/Docs/Commands/Find-Yubikey.md +++ b/Docs/Commands/Find-Yubikey.md 
@@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Find-Yubikey ## SYNOPSIS + Lists all YubiKeys on system ## SYNTAX +### Default (Default) + ``` Find-Yubikey [-OnlyOne] [-Serialnumber ] [] ``` +### __AllParameterSets + +``` +Find-YubiKey [-OnlyOne] [-Serialnumber ] [] +``` + +## ALIASES + ## DESCRIPTION + List all YubiKeys on system ## EXAMPLES ### Example 1 + ```powershell PS C:\> Find-Yubikey ``` 
@@ -31,37 +46,53 @@ Lists all Yubikeys on this system ## PARAMETERS ### -OnlyOne + Return only one Yubikey ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Serialnumber -Return only yubikey with serialnumber + +Return only yubikey with serial number ```yaml -Type: Int32 -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[System.Int32] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -70,6 +101,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-Yubikey.md b/Docs/Commands/Get-Yubikey.md index 14aaa33..801c5bb 100644 --- a/Docs/Commands/Get-Yubikey.md +++ b/Docs/Commands/Get-Yubikey.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-Yubikey ## SYNOPSIS + Returns the connected YubiKey ## SYNTAX +### Default (Default) + ``` Get-Yubikey [] ``` +### __AllParameterSets + +``` +Get-YubiKey [] +``` + +## ALIASES + ## DESCRIPTION + This command will return information about the currently connected YubiKey ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-Yubikey ``` @@ -31,7 +46,11 @@ Information about Yubikey ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -40,6 +59,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + 
diff --git a/Docs/Commands/Get-YubikeyBIOFingerprint.md b/Docs/Commands/Get-YubikeyBIOFingerprint.md index a59b9cb..0d9af24 100644 --- a/Docs/Commands/Get-YubikeyBIOFingerprint.md +++ b/Docs/Commands/Get-YubikeyBIOFingerprint.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubiKeyBIOFingerprint ## SYNOPSIS + List fingerprint templates registered on a YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ## SYNTAX +### Default (Default) + +``` +Get-YubiKeyBIOFingerprint [] +``` + +### __AllParameterSets + ``` Get-YubiKeyBIOFingerprint [] ``` +## ALIASES + ## DESCRIPTION + List fingerprint templates registered on a YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ## EXAMPLES ### Example 1 + ```powershell PS C:\> Register-YubikeyBIOFingerprint -Name "left index" Place your finger against the sensor repeatedly... @@ -33,7 +48,11 @@ Register left index finger as "left index". ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -42,6 +61,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + 
diff --git a/Docs/Commands/Get-YubikeyFIDO2.md b/Docs/Commands/Get-YubikeyFIDO2.md index 8936392..fdecd0c 100644 --- a/Docs/Commands/Get-YubikeyFIDO2.md +++ b/Docs/Commands/Get-YubikeyFIDO2.md @@ -1,28 +1,43 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubikeyFIDO2 ## SYNOPSIS + Get FIDO2 information from YubiKey ## SYNTAX +### Default (Default) + ``` Get-YubikeyFIDO2 [] ``` +### __AllParameterSets + +``` +Get-YubiKeyFIDO2 [] +``` + +## ALIASES + ## DESCRIPTION + Lists information about the FIDO2 capabilities of a YubiKey. For instance minimum PIN length ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyFIDO2 @@ -54,7 +69,11 @@ Yubikey 5.7 FIDO2 capabilities. ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -63,6 +82,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-YubikeyFIDO2Credential.md b/Docs/Commands/Get-YubikeyFIDO2Credential.md index c93a36d..fe36595 100644 --- a/Docs/Commands/Get-YubikeyFIDO2Credential.md +++ b/Docs/Commands/Get-YubikeyFIDO2Credential.md 
@@ -1,38 +1,48 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubiKeyFIDO2Credential ## SYNOPSIS + Read the FIDO2 discoverable credentials ## SYNTAX ### List-All (Default) + ``` -Get-YubiKeyFIDO2Credential [] +Get-YubiKeyFIDO2Credential [-All] [] ``` ### List-CredentialID + ``` Get-YubiKeyFIDO2Credential -CredentialID [] ``` ### List-CredentialID-Base64URL + ``` Get-YubiKeyFIDO2Credential -CredentialIdBase64Url [] ``` +## ALIASES + ## DESCRIPTION + Get what FIDO2 credentials that have been saved in the Yubikey. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyFIDO2Credential 
@@ -45,38 +55,75 @@ Lists all sites and usernames for all discoverable credentials. ## PARAMETERS +### -All + +List all + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: List-All + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + ### -CredentialID + Credential ID to remove ```yaml -Type: CredentialID -Parameter Sets: List-CredentialID -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[powershellYK.FIDO2.CredentialID] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: List-CredentialID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CredentialIdBase64Url + Credential ID to remove int Base64 URL encoded format ```yaml -Type: String -Parameter Sets: List-CredentialID-Base64URL -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: List-CredentialID-Base64URL + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -85,6 +132,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-YubikeyOATH.md b/Docs/Commands/Get-YubikeyOATH.md index 9d01ab1..7cd1d7b 100644 --- a/Docs/Commands/Get-YubikeyOATH.md +++ b/Docs/Commands/Get-YubikeyOATH.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubikeyOATH ## SYNOPSIS + Get information about the OATH module ## SYNTAX +### Default (Default) + ``` Get-YubikeyOATH [] ``` +### __AllParameterSets + +``` +Get-YubiKeyOATH [] +``` + +## ALIASES + ## DESCRIPTION + {{ Fill in the Description }} ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyOATH 
@@ -35,7 +50,11 @@ Lists information regarding the OATH module. ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -44,6 +63,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-YubikeyOATHAccount.md b/Docs/Commands/Get-YubikeyOATHAccount.md index f3add16..06a2c7d 100644 --- a/Docs/Commands/Get-YubikeyOATHAccount.md +++ b/Docs/Commands/Get-YubikeyOATHAccount.md @@ -1,28 +1,43 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubikeyOATHAccount ## SYNOPSIS + List all OATH accounts ## SYNTAX +### Default (Default) + ``` Get-YubikeyOATHAccount [] ``` +### __AllParameterSets + +``` +Get-YubiKeyOATHAccount [] +``` + +## ALIASES + ## DESCRIPTION + This commands list all OATH credentials registered on the Yubikey. Both TOTP (Time-based one-time password) and HOTP (HMAC-based one-time password algorithm) will be visible. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyOATHAccount 
@@ -44,7 +59,11 @@ Lists all TOTP Account registered on the Yubikey ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -53,6 +72,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-YubikeyOTP.md b/Docs/Commands/Get-YubikeyOTP.md index c9c1b29..a766eab 100644 --- a/Docs/Commands/Get-YubikeyOTP.md +++ b/Docs/Commands/Get-YubikeyOTP.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubikeyOTP ## SYNOPSIS + YubiKey OTP Information ## SYNTAX +### Default (Default) + ``` Get-YubikeyOTP [] ``` +### __AllParameterSets + +``` +Get-YubiKeyOTP [] +``` + +## ALIASES + ## DESCRIPTION + Command to retrive information about the YubiKey OTP configuration. As the Yubikey OTP does not allow information about what the slots are confgured to contain, this is not listed. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyOTP 
@@ -36,7 +51,11 @@ This command will display the current configuration of the Yubikey OTP. ## PARAMETERS ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -45,6 +64,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-YubikeyPIV.md b/Docs/Commands/Get-YubikeyPIV.md index 8e3962b..2c78f21 100644 --- a/Docs/Commands/Get-YubikeyPIV.md +++ b/Docs/Commands/Get-YubikeyPIV.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-YubikeyPIV ## SYNOPSIS + Gets information about the PIV module and specific slots. ## SYNTAX +### Default (Default) + ``` Get-YubikeyPIV [-Slot ] [] ``` +### __AllParameterSets + +``` +Get-YubiKeyPIV [-Slot ] [] +``` + +## ALIASES + ## DESCRIPTION + Gets information from both the yubikey and specific slots. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyPIV 
@@ -36,6 +51,7 @@ SlotsWithPrivateKeys : {154, 158} Displays the number of retires left and total for PIN and PUK code. Aswell as Slots with private keys and the CHUID. ### Example 2 + ```powershell PS C:\> Get-YubikeyPIV -Slot 0x9e @@ -55,22 +71,32 @@ Displays information about the PIV slot and any contained certificate ## PARAMETERS ### -Slot + Retrive a info from specific slot ```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[powershellYK.PIV.PIVSlot] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -79,6 +105,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Get-powershellYKInfo.md b/Docs/Commands/Get-powershellYKInfo.md index c8d8805..24d703a 100644 --- a/Docs/Commands/Get-powershellYKInfo.md +++ b/Docs/Commands/Get-powershellYKInfo.md 
@@ -1,46 +1,53 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Get-powershellYKInfo ## SYNOPSIS + Get module internal information. ## SYNTAX +### Default (Default) + ``` Get-powershellYKInfo [] ``` +### __AllParameterSets + +``` +Get-powershellYKInfo [] +``` + +## ALIASES + ## DESCRIPTION + Get library versions and other information about the powershellYK module. ## EXAMPLES -### Example 1 -```powershell -PS C:\> Get-powershellYKInfo - -YubicoVersion AutomationVersion powershellYKVersion -------------- ----------------- ------------------- -1.10.0.0 7.4.2.500 0.0.13.1 - ## PARAMETERS -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). - ## INPUTS -### None - ## OUTPUTS ### System.Object + +Returns versions of components in Powershell module + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Import-YubikeyPIV.md b/Docs/Commands/Import-YubikeyPIV.md index e2c8902..cc5517e 100644 --- a/Docs/Commands/Import-YubikeyPIV.md +++ b/Docs/Commands/Import-YubikeyPIV.md 
@@ -1,46 +1,60 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Import-YubiKeyPIV ## SYNOPSIS + Import certificate ## SYNTAX ### CertificateOnly + ``` Import-YubiKeyPIV -Slot -Certificate [-WhatIf] [-Confirm] [] ``` ### CertificateAndKey + ``` -Import-YubiKeyPIV -Slot -Certificate -PrivateKeyPath [-Password ] - [-PinPolicy ] [-TouchPolicy ] [-WhatIf] [-Confirm] [] +Import-YubiKeyPIV -Slot -Certificate -PrivateKeyPath + [-Password ] [-PinPolicy ] [-TouchPolicy ] [-WhatIf] + [-Confirm] [] ``` ### P12 + ``` -Import-YubiKeyPIV -Slot -P12Path [-Password ] [-PinPolicy ] - [-TouchPolicy ] [-WhatIf] [-Confirm] [] +Import-YubiKeyPIV -Slot -P12Path [-Password ] + [-PinPolicy ] [-TouchPolicy ] [-WhatIf] [-Confirm] + [] ``` ### Privatekey + ``` Import-YubiKeyPIV -Slot -PrivateKeyPath [-Password ] - [-PinPolicy ] [-TouchPolicy ] [-WhatIf] [-Confirm] [] + [-PinPolicy ] [-TouchPolicy ] [-WhatIf] [-Confirm] + [] ``` +## ALIASES + ## DESCRIPTION + Imports a certicate into the Yubikey ## EXAMPLES ### Example 1 + ```powershell PS C:\> Import-YubikeyPIV -Slot 0x9a -Certificate certificate.cer ``` @@ -48,6 +62,7 @@ PS C:\> Import-YubikeyPIV -Slot 0x9a -Certificate certificate.cer Import certificate.cer into the certificate slot 0x9a ### Example 2 + ```powershell PS C:\> Import-YubikeyPIV -Slot "Digital Signature" -PrivateKeyPath .\ecc_384.pem -Password (Read-Host -AsSecureString "Password") ``` 
@@ -57,144 +72,258 @@ Import certificate.cer into the certificate slot 0x9a ## PARAMETERS ### -Certificate + Certificate to be stored ```yaml -Type: Object -Parameter Sets: CertificateOnly, CertificateAndKey -Aliases: +Type: System.Object +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: CertificateOnly + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: CertificateAndKey + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -P12Path + P12 file to be stored ```yaml -Type: FileInfo -Parameter Sets: P12 -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: P12 + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Password + Private key password ```yaml -Type: SecureString -Parameter Sets: CertificateAndKey, P12, Privatekey -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False 
-Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Privatekey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: CertificateAndKey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: P12 + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PinPolicy -PinPolicy -```yaml -Type: PivPinPolicy -Parameter Sets: CertificateAndKey, P12, Privatekey -Aliases: -Accepted values: Default, Never, None, Once +Pin policy -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: Yubico.YubiKey.Piv.PivPinPolicy +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Privatekey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: CertificateAndKey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: P12 + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Default +- Never +- None +- Once +HelpMessage: '' ``` ### -PrivateKeyPath + Private key to be stored ```yaml -Type: FileInfo -Parameter Sets: CertificateAndKey, Privatekey -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.IO.FileInfo +DefaultValue: None 
+SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Privatekey + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: CertificateAndKey + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot -Slotnumber -```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: +Slot number -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -TouchPolicy -TouchPolicy - -```yaml -Type: PivTouchPolicy -Parameter Sets: CertificateAndKey, P12, Privatekey -Aliases: -Accepted values: Default, Never, Always, Cached -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. 
+Touch policy ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Piv.PivTouchPolicy +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Privatekey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: CertificateAndKey + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: P12 + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Default +- Never +- Always +- Cached +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi +Runs the command in a mode that only reports what would happen without performing the actions. -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -203,6 +332,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Lock-Yubikey.md b/Docs/Commands/Lock-Yubikey.md index 630405f..56eaa10 100644 --- a/Docs/Commands/Lock-Yubikey.md +++ b/Docs/Commands/Lock-Yubikey.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Lock-Yubikey ## SYNOPSIS + Lock the YubiKey configuration ## SYNTAX +### Default (Default) + ``` Lock-Yubikey -LockCode [] ``` +### __AllParameterSets + +``` +Lock-YubiKey -LockCode [] +``` + +## ALIASES + ## DESCRIPTION + Locks the YubiKey behind a 16 byte lock code. This lock code is required to unlock the Yubikey configuration. ## EXAMPLES ### Example 1 + ```powershell PS C:\> $Lockcode = [byte[]](1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16) PS C:\> Lock-Yubikey -LockCode $Lockcode 
@@ -33,22 +48,32 @@ Locks the configuration so it requires a hex code of 0102030405060708090A0B0C0D0 ## PARAMETERS ### -LockCode + LockCode for Yubikey ```yaml -Type: Byte[] -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -57,6 +82,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Move-YubikeyPIV.md b/Docs/Commands/Move-YubikeyPIV.md index 207eaee..d6297d9 100644 --- a/Docs/Commands/Move-YubikeyPIV.md +++ b/Docs/Commands/Move-YubikeyPIV.md 
@@ -1,28 +1,44 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Move-YubikeyPIV ## SYNOPSIS + Move a key from one slot to another ## SYNTAX +### Default (Default) + +``` +Move-YubikeyPIV -SourceSlot -DestinationSlot [-MigrateCertificate] [-WhatIf] + [-Confirm] [] +``` + +### __AllParameterSets + ``` -Move-YubikeyPIV -SourceSlot -DestinationSlot [-MigrateCertificate] [-WhatIf] [-Confirm] - [] +Move-YubiKeyPIV -SourceSlot -DestinationSlot [-MigrateCertificate] [-WhatIf] + [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + This command will move a key from one slot to another. This is useful if you want to change the slot a key is in. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Move-YubikeyPIVKey -SourceSlot "Digital Signature" -DestinationSlot "Card Authentication" ``` 
@@ -31,84 +47,119 @@ That command would move the key in the Digital Signature slot to the Card Authen ## PARAMETERS -### -DestinationSlot -What slot to move a key to +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: PIVSlot -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -DestinationSlot + +What slot to move a key to -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -MigrateCertificate + Move the certificate along ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -SourceSlot -What slot to move a key from - -```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` -### -Confirm -Prompts you for confirmation before 
running the cmdlet. +What slot to move a key from ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -117,6 +168,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/New-YubiKeyFIDO2Credential.md b/Docs/Commands/New-YubiKeyFIDO2Credential.md index 5353606..a898c9b 100644 --- a/Docs/Commands/New-YubiKeyFIDO2Credential.md +++ b/Docs/Commands/New-YubiKeyFIDO2Credential.md 
@@ -1,56 +1,64 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # New-YubiKeyFIDO2Credential ## SYNOPSIS + Creates a new FIDO2 credential on the connected YubiKey. For more complete examples see: https://github.com/virot/powershellYK/tree/master/Docs/Examples ## SYNTAX ### UserData-HostData + ``` -New-YubiKeyFIDO2Credential -RelyingPartyID [-RelyingPartyName ] -Username - [-UserDisplayName ] -UserID -Challenge [-Discoverable ] - [-RequestedAlgorithms ] - [-WhatIf] [-Confirm] [] +New-YubiKeyFIDO2Credential -RelyingPartyID -Username -UserID + -Challenge [-RelyingPartyName ] [-UserDisplayName ] + [-Discoverable ] [-RequestedAlgorithms ] [-WhatIf] + [-Confirm] [] ``` ### UserEntity-HostData + ``` -New-YubiKeyFIDO2Credential -RelyingPartyID [-RelyingPartyName ] -Challenge - [-Discoverable ] -UserEntity - [-RequestedAlgorithms ] - [-WhatIf] [-Confirm] [] +New-YubiKeyFIDO2Credential -RelyingPartyID -Challenge -UserEntity + [-RelyingPartyName ] [-Discoverable ] + [-RequestedAlgorithms ] [-WhatIf] [-Confirm] [] ``` ### UserData-RelyingParty + ``` -New-YubiKeyFIDO2Credential -RelyingParty -Username [-UserDisplayName ] - -UserID -Challenge [-Discoverable ] - [-RequestedAlgorithms ] - [-WhatIf] [-Confirm] [] +New-YubiKeyFIDO2Credential -RelyingParty -Username -UserID + -Challenge [-UserDisplayName ] [-Discoverable ] + [-RequestedAlgorithms ] [-WhatIf] [-Confirm] [] ``` ### UserEntity-RelyingParty + ``` -New-YubiKeyFIDO2Credential -RelyingParty -Challenge [-Discoverable ] - -UserEntity - [-RequestedAlgorithms ] - [-WhatIf] [-Confirm] [] +New-YubiKeyFIDO2Credential -RelyingParty -Challenge + -UserEntity [-Discoverable ] + [-RequestedAlgorithms ] [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + {{ Fill in the Description }} ## EXAMPLES ### Example 1 + ```powershell PS C:\> {{ Add example code here }} ``` 
@@ -60,189 +68,314 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Challenge + Challange. ```yaml -Type: Challenge -Parameter Sets: (All) -Aliases: +Type: powershellYK.FIDO2.Challenge +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Discoverable + Should this credential be discoverable. ```yaml -Type: Boolean -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Boolean +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RelyingParty + RelaingParty object. 
```yaml -Type: RelyingParty -Parameter Sets: UserData-RelyingParty, UserEntity-RelyingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Fido2.RelyingParty +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserEntity-RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RelyingPartyID + Specify which relayingParty (site) this credential is regards to. ```yaml -Type: String -Parameter Sets: UserData-HostData, UserEntity-HostData -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-HostData + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserEntity-HostData + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RelyingPartyName + Friendlyname for the relayingParty. 
```yaml -Type: String -Parameter Sets: UserData-HostData, UserEntity-HostData -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-HostData + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserEntity-HostData + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RequestedAlgorithms + Algorithms the RelyingParty accepts ```yaml Type: System.Collections.Generic.List`1[Yubico.YubiKey.Fido2.Cose.CoseAlgorithmIdentifier] -Parameter Sets: (All) -Aliases: -Accepted values: None, RS256, ES512, ES384, ECDHwHKDF256, EdDSA, ES256 - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- RS256 +- ES512 +- ES384 +- ECDHwHKDF256 +- EdDSA +- ES256 +HelpMessage: '' ``` ### -UserDisplayName + UserDisplayName to create credental for. 
```yaml -Type: String -Parameter Sets: UserData-HostData, UserData-RelyingParty -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-RelyingParty + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserData-HostData + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -UserEntity + Supply the user entity in complete form. ```yaml -Type: UserEntity -Parameter Sets: UserEntity-HostData, UserEntity-RelyingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Fido2.UserEntity +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserEntity-HostData + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserEntity-RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -UserID + UserID. 
```yaml -Type: Byte[] -Parameter Sets: UserData-HostData, UserData-RelyingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserData-HostData + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Username -Username to create credental for. - -```yaml -Type: String -Parameter Sets: UserData-HostData, UserData-RelyingParty -Aliases: -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. +Username to create credental for. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UserData-RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UserData-HostData + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -251,9 +384,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS -[Enroll YubiKey FIDO2 against demo.yubico.com](https://github.com/virot/powershellYK/blob/master/Docs/Examples/Enroll%20YubiKey%20FIDO2%20against%20demo.yubico.com.md) -[Enroll YubiKey FIDO2 against login.microsoft.com](https://github.com/virot/powershellYK/blob/master/Docs/Examples/Enroll%20YubiKey%20FIDO2%20against%20login.microsoft.com.md) \ No newline at end of file +- [Enroll YubiKey FIDO2 against demo.yubico.com](https://github.com/virot/powershellYK/blob/master/Docs/Examples/Enroll%20YubiKey%20FIDO2%20against%20demo.yubico.com.md) +- [Enroll YubiKey FIDO2 against login.microsoft.com](https://github.com/virot/powershellYK/blob/master/Docs/Examples/Enroll%20YubiKey%20FIDO2%20against%20login.microsoft.com.md) diff --git a/Docs/Commands/New-YubikeyOATHAccount.md b/Docs/Commands/New-YubikeyOATHAccount.md index eb189bf..51f7a5f 100644 --- a/Docs/Commands/New-YubikeyOATHAccount.md +++ b/Docs/Commands/New-YubikeyOATHAccount.md 
@@ -1,183 +1,255 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # New-YubikeyOATHAccount ## SYNOPSIS + Created a TOTP or HOTP account ## SYNTAX ### TOTP (Default) + ``` -New-YubikeyOATHAccount [-TOTP] -Issuer -Accountname [-Algorithm ] - -Secret -Period [-Digits ] [] +New-YubiKeyOATHAccount -TOTP -Issuer -Accountname -Secret + -Period [-Algorithm ] [-Digits ] [] ``` ### HOTP + ``` -New-YubikeyOATHAccount [-HOTP] -Issuer -Accountname [-Algorithm ] - -Secret [-Digits ] [-Counter] [] +New-YubiKeyOATHAccount -HOTP -Issuer -Accountname -Secret + [-Algorithm ] [-Digits ] [-Counter] [] ``` +## ALIASES + ## DESCRIPTION + Creates new account that can be viewed in the Yubikey Authenticator or using Request-YubikeyOATHCode. ## EXAMPLES ### Example 1 + ```powershell PS C:\> New-YubikeyOATHAccount -TOTP -Accountname "powershellYK" -Issuer "Demo" -Period 60 -Secret (Read-Host -Prompt 'Secret' -MaskInput) Secret: ***************** ``` -Creates en entry +Creates an entry ## PARAMETERS ### -Accountname -Accountname + +Account name ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Algorithm + Algorithm ```yaml -Type: HashAlgorithm -Parameter Sets: (All) -Aliases: -Accepted values: SHA1, SHA256, SHA512 - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Oath.HashAlgorithm +DefaultValue: None 
+SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- SHA1 +- SHA256 +- SHA512 +HelpMessage: '' ``` ### -Counter + Counter ```yaml -Type: SwitchParameter -Parameter Sets: HOTP -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Digits + Digits ```yaml -Type: Int32 -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Int32 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -HOTP + Type of OATH ```yaml -Type: SwitchParameter -Parameter Sets: HOTP -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Issuer + Issuer ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: True 
-Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Period + Period for credential ```yaml -Type: CredentialPeriod -Parameter Sets: TOTP -Aliases: -Accepted values: Undefined, Period15, Period30, Period60 - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Oath.CredentialPeriod +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: TOTP + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Undefined +- Period15 +- Period30 +- Period60 +HelpMessage: '' ``` ### -Secret + Secret ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -TOTP + Type of OATH ```yaml -Type: SwitchParameter -Parameter Sets: TOTP -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: TOTP + Position: Named + IsRequired: true + ValueFromPipeline: false + 
ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -186,6 +258,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/New-YubikeyPIVKey.md b/Docs/Commands/New-YubikeyPIVKey.md index 7db020c..c9b963a 100644 --- a/Docs/Commands/New-YubikeyPIVKey.md +++ b/Docs/Commands/New-YubikeyPIVKey.md 
@@ -1,28 +1,44 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # New-YubiKeyPIVKey ## SYNOPSIS + Create a new private key ## SYNTAX +### Default (Default) + +``` +New-YubiKeyPIVKey [-Slot] -Algorithm [-PinPolicy ] + [-TouchPolicy ] [-PassThru] [-WhatIf] [-Confirm] [] +``` + +### __AllParameterSets + ``` -New-YubiKeyPIVKey [-Slot] [-PinPolicy ] [-TouchPolicy ] [-PassThru] - [-WhatIf] [-Confirm] -Algorithm [] +New-YubiKeyPIVKey [-Slot] -Algorithm [-PinPolicy ] + [-TouchPolicy ] [-PassThru] [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + This cmdlet will create a new key, this can be done with either RSA or ECC keys. ## EXAMPLES ### Example 1 + ```powershell PS C:\> New-YubikeyPIVKey -Slot 0x9a -Algorithm EccP384 ``` @@ -30,6 +46,7 @@ PS C:\> New-YubikeyPIVKey -Slot 0x9a -Algorithm EccP384 Creates a new Elliptic curve P-384 key in slot 0x9a. ### Example 2 + ```powershell PS C:\> New-YubikeyPIVKey -Slot 0x9a -Algorithm RSA2048 -PinPolicy Never ``` @@ -37,6 +54,7 @@ PS C:\> New-YubikeyPIVKey -Slot 0x9a -Algorithm RSA2048 -PinPolicy Never Create a RSA2048 in slot 0x9a with a PIN policy of never. ### Example 3 + ```powershell PS C:\> New-YubikeyPIVKey -Slot 0x9a -Algorithm EccP384 -TouchPolicy Cached ``` 
@@ -46,116 +64,177 @@ Create a RSA2048 in slot 0x9a with a touch policy of cached ## PARAMETERS ### -Algorithm + What algorithm to use, dependent on YubiKey firmware. ```yaml -Type: PivAlgorithm -Parameter Sets: (All) -Aliases: -Accepted values: Rsa1024, Rsa2048, Rsa3072, Rsa4096, EccP256, EccP384 +Type: Yubico.YubiKey.Cryptography.KeyType +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Rsa1024 +- Rsa2048 +- Rsa3072 +- Rsa4096 +- EccP256 +- EccP384 +HelpMessage: '' +``` + +### -Confirm -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PassThru + Returns an object that represents the item with which you're working. By default, this cmdlet doesn't generate any output. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PinPolicy -PinPolicy -```yaml -Type: PivPinPolicy -Parameter Sets: (All) -Aliases: -Accepted values: None, Never, Once, Always, MatchOnce, MatchAlways, Default +Pin policy -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: Yubico.YubiKey.Piv.PivPinPolicy +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Never +- Once +- Always +- MatchOnce +- MatchAlways +- Default +HelpMessage: '' ``` ### -Slot -What slot to create a new key for -```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: +What slot to create a new key in -Required: True -Position: 0 -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: 0 + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -TouchPolicy -TouchPolicy -```yaml -Type: PivTouchPolicy -Parameter Sets: (All) -Aliases: -Accepted values: Default, Never, Always, Cached - -Required: False -Position: Named 
-Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. +Touch policy ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Piv.PivTouchPolicy +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Default +- Never +- Always +- Cached +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -164,6 +243,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/New-YubikeyPIVSelfSign.md b/Docs/Commands/New-YubikeyPIVSelfSign.md index d386ccd..a2bd62d 100644 --- a/Docs/Commands/New-YubikeyPIVSelfSign.md +++ b/Docs/Commands/New-YubikeyPIVSelfSign.md @@ -1,28 +1,44 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # New-YubikeyPIVSelfSign ## SYNOPSIS + Create a self signed certificate ## SYNTAX +### Default (Default) + ``` -New-YubikeyPIVSelfSign -Slot [-Subjectname ] [-HashAlgorithm ] [-WhatIf] - [-Confirm] [] +New-YubikeyPIVSelfSign -Slot [-Subjectname ] [-HashAlgorithm ] + [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +New-YubiKeyPIVSelfSign -Slot [-Subjectname ] [-HashAlgorithm ] + [-WhatIf] [-Confirm] [] +``` + +## ALIASES + ## DESCRIPTION + This cmdlet creates a selfsigned certificate for a private key. ## EXAMPLES ### Example 1 + ```powershell PS C:\> New-YubikeyPIVSelfSign -Slot 0x9a ``` 
@@ -31,85 +47,123 @@ Creates a selfsigned certificate and installs into the 0x9a slot. ## PARAMETERS -### -HashAlgorithm -HashAlgoritm +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: HashAlgorithmName -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: -Accepted values: SHA1, SHA256, SHA384, SHA512 - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Slot -Sign a self signed cert for slot +### -HashAlgorithm -```yaml -Type: PIVSlot -Parameter Sets: (All) -Aliases: +Hash algoritm -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Security.Cryptography.HashAlgorithmName +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- SHA1 +- SHA256 +- SHA384 +- SHA512 +HelpMessage: '' ``` -### -Subjectname -Subjectname of certificate +### -Slot -```yaml -Type: String -Parameter Sets: (All) -Aliases: +Sign a self-signed certificate for slot -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false 
+AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -Subjectname + +Subject name of certificate ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -118,6 +172,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Protect-YubikeyOATH.md b/Docs/Commands/Protect-YubikeyOATH.md index 0a2c1e2..11284ce 100644 --- a/Docs/Commands/Protect-YubikeyOATH.md +++ b/Docs/Commands/Protect-YubikeyOATH.md @@ -1,5 +1,5 @@ --- -external help file: powershellYK.dll-help.xml +external help file: powershellYK.dll-Help.xml Module Name: powershellYK online version: schema: 2.0.0 diff --git a/Docs/Commands/Register-YubikeyBIOFingerprint.md b/Docs/Commands/Register-YubikeyBIOFingerprint.md index a8b3bc0..6e2ebe0 100644 --- a/Docs/Commands/Register-YubikeyBIOFingerprint.md +++ b/Docs/Commands/Register-YubikeyBIOFingerprint.md @@ -1,27 +1,42 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Register-YubikeyBIOFingerprint ## SYNOPSIS + Register a new fingerprint on a YubiKey Bio _or_ a YubiKey Bio Multi-Protocol Edition (MPE). ## SYNTAX +### Default (Default) + ``` Register-YubikeyBIOFingerprint [-Name ] [] ``` +### __AllParameterSets + +``` +Register-YubiKeyBIOFingerprint [-Name ] [] +``` + +## ALIASES + ## DESCRIPTION + Register a new fingerprint on a YubiKey Bio _or_ a YubiKey Bio Multi-Protocol Edition (MPE). ## EXAMPLES ### Example 1 + ```powershell PS C:\> Register-YubikeyBIOFingerprint -Name "left index" 
@@ -35,22 +50,32 @@ This adds a new fingerprint to the YubiKey Bio / YubiKey Bio MPE. ## PARAMETERS ### -Name + Name of finger to register, for example: "left index" or "right index". ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -59,6 +84,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Remove-YubiKeyBIOFingerprint.md b/Docs/Commands/Remove-YubiKeyBIOFingerprint.md index 4c23ee0..a316350 100644 --- a/Docs/Commands/Remove-YubiKeyBIOFingerprint.md +++ b/Docs/Commands/Remove-YubiKeyBIOFingerprint.md 
@@ -1,33 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Remove-YubiKeyBIOFingerprint ## SYNOPSIS + Removes a selected fingerprint template from the YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ## SYNTAX ### Remove using Name + ``` Remove-YubiKeyBIOFingerprint -Name [-WhatIf] [-Confirm] [] ``` ### Remove using ID + ``` Remove-YubiKeyBIOFingerprint -ID [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + {{ Fill in the Description }} ## EXAMPLES ### Example 1 + ```powershell PS C:\> Remove-YubikeyBIOFingerprint -Name "left index" [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y @@ -37,6 +46,7 @@ Fingerprint 'left index' successfully deleted. A fingerprint template is removed by name. ### Example 2 + ```powershell Remove-YubikeyBIOFingerprint -ID 23FC [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y 
@@ -47,68 +57,98 @@ A fingerprint template is removed by ID. ## PARAMETERS -### -ID -ID of finger to remove +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: String -Parameter Sets: Remove using ID +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Name -Name of finger to remove +### -ID -```yaml -Type: String -Parameter Sets: Remove using Name -Aliases: +ID of fingerprint to remove -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove using ID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -Name + +Name of fingerprint to remove ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove using Name + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. 
The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -117,6 +157,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Remove-YubikeyFIDO2Credential.md b/Docs/Commands/Remove-YubikeyFIDO2Credential.md index abc67c4..9c5c40c 100644 --- a/Docs/Commands/Remove-YubikeyFIDO2Credential.md +++ b/Docs/Commands/Remove-YubikeyFIDO2Credential.md 
@@ -1,35 +1,44 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Remove-YubikeyFIDO2Credential ## SYNOPSIS + Removes a FIDO2 credential from the YubiKey. ## SYNTAX ### Remove with CredentialID (Default) + ``` Remove-YubikeyFIDO2Credential -CredentialId [-WhatIf] [-Confirm] [] ``` ### Remove with username and RelayingParty + ``` Remove-YubikeyFIDO2Credential -Username -RelayingParty [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Allows the removal of a FIDO2 credential from the YubiKey. The credential can be removed by specifying the CredentialID or by specifying the Username and RelayingParty. The Cmdlet also allows piping of the CredentialID to remove the credential. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Remove-YubikeyFIDO2Credential -User 'powershellYK' -RelayingParty 'demo.yubico.com' ``` @@ -37,13 +46,15 @@ PS C:\> Remove-YubikeyFIDO2Credential -User 'powershellYK' -RelayingParty 'demo. Removes the credential for the user 'powershellYK' from the RelayingParty 'demo.yubico.com' ### Example 2 + ```powershell PS C:\> Remove-YubikeyFIDO2Credential -CredentialId ac37c06c15ec4458d0cf545db3cc0f8e3992e512d1c3e19d571417b12124634f01e6e3397bdbc8e74b96f950ea4bf600 ``` -Removes the credential with a specified CredentialID +Removes the credential with a specified CredentialID ### Example 3 + ```powershell PS C:\> Get-YubiKeyFIDO2Credential|Where-Object RPId -eq 'demo.yubico.com'|Remove-YubikeyFIDO2Credential -Confirm:$false ``` 
@@ -52,84 +63,119 @@ Removes all FIDO2 credentials for the RelayingParty 'demo.yubico.com' ## PARAMETERS -### -CredentialId -Credential ID to remove +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: CredentialID -Parameter Sets: Remove with CredentialID +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -CredentialId + +Credential ID to remove -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False +```yaml +Type: powershellYK.FIDO2.CredentialID +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove with CredentialID + Position: Named + IsRequired: true + ValueFromPipeline: true + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RelayingParty + RelayingParty to remove user from ```yaml -Type: String -Parameter Sets: Remove with username and RelayingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove with username and RelayingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Username -User to remove - -```yaml -Type: String -Parameter Sets: Remove with username and RelayingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept 
wildcard characters: False -``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +User to remove ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove with username and RelayingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -138,6 +184,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Remove-YubikeyOATHAccount.md b/Docs/Commands/Remove-YubikeyOATHAccount.md index 748a7e4..47059f3 100644 --- a/Docs/Commands/Remove-YubikeyOATHAccount.md +++ b/Docs/Commands/Remove-YubikeyOATHAccount.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Remove-YubikeyOATHAccount ## SYNOPSIS + Removes an account from the YubiKey OATH application. ## SYNTAX +### Default (Default) + ``` Remove-YubikeyOATHAccount -Account [] ``` +### __AllParameterSets + +``` +Remove-YubiKeyOATHAccount -Account [] +``` + +## ALIASES + ## DESCRIPTION + Removes an account from the Yubikey OATH application ## EXAMPLES ### Example 1 + ```powershell PS C:\> Remove-YubikeyOATHAccount -Account (Get-YubikeyOATHAccount | ?{$_.Issuer -eq 'Yubico Demo'}) ``` 
@@ -31,22 +46,33 @@ Removes the account with the issuer 'Yubico Demo'. ## PARAMETERS ### -Account + Credential to remove ```yaml -Type: Credential -Parameter Sets: (All) -Aliases: Credential - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False +Type: Yubico.YubiKey.Oath.Credential +DefaultValue: None +SupportsWildcards: false +Aliases: +- Credential +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: true + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -55,6 +81,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Remove-YubikeyOTP.md b/Docs/Commands/Remove-YubikeyOTP.md index 7650f17..63f22f2 100644 --- a/Docs/Commands/Remove-YubikeyOTP.md +++ b/Docs/Commands/Remove-YubikeyOTP.md 
@@ -1,27 +1,43 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Remove-YubikeyOTP ## SYNOPSIS + Remove YubiKey OTP slot. ## SYNTAX +### Default (Default) + ``` Remove-YubikeyOTP -Slot [-WhatIf] [-Confirm] [] ``` +### Remove + +``` +Remove-YubiKeyOTP -Slot [-CurrentAccessCode ] [-WhatIf] [-Confirm] + [] +``` + +## ALIASES + ## DESCRIPTION + Remove the OTP configuration from a slot on the Yubikey ## EXAMPLES ### Example 1 + ```powershell PS C:\> Remove-YubikeyOTP -Slot 1 ``` @@ -29,6 +45,7 @@ PS C:\> Remove-YubikeyOTP -Slot 1 Removes the OTP configuration from slot 1 (Short press) ### Example 2 + ```powershell PS C:\> $Slot = [Yubico.YubiKey.Otp.Slot]::ShortPress PS C:\> Remove-YubikeyOTP -Slot $Slot 
@@ -38,54 +55,101 @@ Removes the OTP configuration from slot 1 (Short press) ## PARAMETERS -### -Slot -Yubikey OTP Slot +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: Slot -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: -Accepted values: None, ShortPress, LongPress +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -CurrentAccessCode -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Current access code (12-character hex string) + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -Slot + +YubiOTP Slot ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Otp.Slot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Remove + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- ShortPress +- LongPress +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -94,6 +158,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Remove-YubikeyPIVKey.md b/Docs/Commands/Remove-YubikeyPIVKey.md index e842055..5ae183a 100644 --- a/Docs/Commands/Remove-YubikeyPIVKey.md +++ b/Docs/Commands/Remove-YubikeyPIVKey.md 
@@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Remove-YubikeyPIVKey ## SYNOPSIS + Remove a key from a YubiKey PIV slot. ## SYNTAX +### Default (Default) + ``` Remove-YubikeyPIVKey -Slot [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +Remove-YubiKeyPIVKey -Slot [-WhatIf] [-Confirm] [] +``` + +## ALIASES + ## DESCRIPTION + This command will remove the key from the specified slot on the Yubikey. This will remove the key from the slot and the key will no longer be usable. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Remove-YubikeyPIVKey -Slot "PIV Authentication" ``` 
@@ -30,54 +45,77 @@ This command will remove the key from the PIV Authentication (0x9a) slot on the ## PARAMETERS -### -Slot -What slot to move a key from +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: PIVSlot -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -Slot + +What slot to remove a key from ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: powershellYK.PIV.PIVSlot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -86,6 +124,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Rename-YubikeyBIOFingerprint.md b/Docs/Commands/Rename-YubikeyBIOFingerprint.md index d4383bc..b01fce9 100644 --- a/Docs/Commands/Rename-YubikeyBIOFingerprint.md +++ b/Docs/Commands/Rename-YubikeyBIOFingerprint.md 
@@ -1,33 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Rename-YubiKeyBIOFingerprint ## SYNOPSIS + Changes the template name of a registered fingerprint on the YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ## SYNTAX ### Rename using Name + ``` Rename-YubiKeyBIOFingerprint -Name -NewName [] ``` ### Rename using ID + ``` Rename-YubiKeyBIOFingerprint -ID -NewName [] ``` +## ALIASES + ## DESCRIPTION + You can update the friendly name of a fingerprint on the yubikey Bio. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Get-YubikeyBIOFingerprint @@ -42,6 +51,7 @@ Fingerprint renamed (left index finger). Changes the friendly name of the fingerprint with name "left index" to "left index finger". ### Example 2 + ```powershell PS C:\> Get-YubikeyBIOFingerprint 
@@ -58,52 +68,80 @@ Changes the friendly name of the fingerprint with name "left index to "thumb". ## PARAMETERS ### -ID -ID of finger to rename + +ID of fingerprint to rename ```yaml -Type: String -Parameter Sets: Rename using ID -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Rename using ID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Name -Friendly name of finger to rename + +Friendly name of fingerprint to rename ```yaml -Type: String -Parameter Sets: Rename using Name -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Rename using Name + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewName + New friendly name ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Rename using ID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Rename using Name + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### 
CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -112,6 +150,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Rename-YubikeyOATHAccount.md b/Docs/Commands/Rename-YubikeyOATHAccount.md index 504aa1c..8f29722 100644 --- a/Docs/Commands/Rename-YubikeyOATHAccount.md +++ b/Docs/Commands/Rename-YubikeyOATHAccount.md 
@@ -1,84 +1,123 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Rename-YubikeyOATHAccount ## SYNOPSIS + Rename OATH account ## SYNTAX +### Default (Default) + ``` Rename-YubikeyOATHAccount -Account [-NewAccountName ] [-NewIssuer ] [] ``` +### __AllParameterSets + +``` +Rename-YubiKeyOATHAccount -Account [-NewAccountName ] [-NewIssuer ] + [] +``` + +## ALIASES + ## DESCRIPTION + Rename OATH account ## EXAMPLES ### Example 1 + ```powershell PS C:\> $Accounttochange = Get-YubikeyOATHAccount | Where-Object {$_.Issuer -eq 'Yubico Demo'} PS C:\> Rename-YubikeyOATHAccount -Credential $Accounttochange -NewIssuer "powershellYK Demo" ``` -Selects and updates the Issuer from 'Yubico Demo' to 'powershellYK Demo' +Selects and updates the Issuer from 'Yubico Demo' to 'powershellYK Demo' ## PARAMETERS ### -Account -Account to remove + +Account to rename ```yaml -Type: Credential -Parameter Sets: (All) -Aliases: Credential - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Oath.Credential +DefaultValue: None +SupportsWildcards: false +Aliases: +- Credential +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewAccountName -New AccountName -```yaml -Type: String -Parameter Sets: (All) -Aliases: +New Account name -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + 
ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewIssuer + New Issuer ```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -87,6 +126,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Request-YubikeyOATHCode.md b/Docs/Commands/Request-YubikeyOATHCode.md index dea6c96..ede9c39 100644 --- a/Docs/Commands/Request-YubikeyOATHCode.md +++ b/Docs/Commands/Request-YubikeyOATHCode.md 
@@ -1,33 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Request-YubikeyOATHCode ## SYNOPSIS + Displays TOTP / HOTP codes for YubiKey OATH credentials. ## SYNTAX ### All (Default) + ``` -Request-YubikeyOATHCode [-All] [] +Request-YubiKeyOATHCode -All [] ``` ### Specific + ``` -Request-YubikeyOATHCode -Account [] +Request-YubiKeyOATHCode -Account [] ``` +## ALIASES + ## DESCRIPTION + Displays TOTP / HOTP codes for Yubikey OATH credentials ## EXAMPLES ### Example 1 + ```powershell PS C:\> Request-YubikeyOATHCode 
@@ -43,37 +52,54 @@ List the current code for all OATH credentials ## PARAMETERS ### -Account + Account to generate code for ```yaml -Type: Credential -Parameter Sets: Specific -Aliases: Credential - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False +Type: Yubico.YubiKey.Oath.Credential +DefaultValue: None +SupportsWildcards: false +Aliases: +- Credential +ParameterSets: +- Name: Specific + Position: Named + IsRequired: true + ValueFromPipeline: true + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -All -Get codes for all credentials -```yaml -Type: SwitchParameter -Parameter Sets: All -Aliases: +Get codes for all accounts -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: All + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -82,6 +108,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Request-YubikeyOTPChallange.md b/Docs/Commands/Request-YubikeyOTPChallange.md index 9cd8c75..20d9fd2 100644 --- a/Docs/Commands/Request-YubikeyOTPChallange.md +++ b/Docs/Commands/Request-YubikeyOTPChallange.md @@ -1,27 +1,44 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Request-YubikeyOTPChallange ## SYNOPSIS + Send Challaenge to YubiKey. ## SYNTAX +### Default (Default) + ``` -Request-YubikeyOTPChallange -Slot -Phrase [-YubikeyOTP ] [] +Request-YubikeyOTPChallange -Slot -Phrase [-YubikeyOTP ] + [] ``` +### __AllParameterSets + +``` +Request-YubiKeyOTPChallange -Slot -Phrase [-YubikeyOTP ] + [] +``` + +## ALIASES + ## DESCRIPTION + Allow the sending of a yubikey challenge to the yubikey device. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Request-YubikeyOTPChallange -Slot ShortPress -Phrase "01" 08D0DDD5DA2CC01566947555AA49F400F4F6F8A4 @@ -30,6 +47,7 @@ PS C:\> Request-YubikeyOTPChallange -Slot ShortPress -Phrase "01" Sending the challenge phrase "01" to the yubikey device in the ShortPress slot. ### Example 2 + ```powershell PS C:\> $Challaenge = [byte[]](01) PS C:\> Request-YubikeyOTPChallange -Slot ShortPress -Phrase $Challaenge 
@@ -41,53 +59,77 @@ Sending the challenge phrase "01" to the yubikey device in the ShortPress slot. ## PARAMETERS ### -Phrase + Phrase ```yaml -Type: PSObject -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot -Yubikey OTP Slot + +YubiOTP Slot ```yaml -Type: Slot -Parameter Sets: (All) -Aliases: -Accepted values: None, ShortPress, LongPress - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Otp.Slot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- ShortPress +- LongPress +HelpMessage: '' ``` ### -YubikeyOTP -Use YubicoOTP over HMAC-SHA1 + +Use YubiOTP over HMAC-SHA1 ```yaml -Type: Boolean -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Boolean +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, 
-OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -96,6 +138,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Reset-YubiKeyBioMPE.md b/Docs/Commands/Reset-YubiKeyBioMPE.md index 5536a37..1d852f3 100644 --- a/Docs/Commands/Reset-YubiKeyBioMPE.md +++ b/Docs/Commands/Reset-YubiKeyBioMPE.md @@ -1,27 +1,42 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Reset-YubiKeyBioMPE ## SYNOPSIS + Allows the user to reset the YubiKey Bio Multi-Protocol Edition (MPE) to factory settings. ## SYNTAX +### Default (Default) + ``` Reset-YubiKeyBioMPE [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +Reset-YubiKeyBioMPE [-WhatIf] [-Confirm] [] +``` + +## ALIASES + ## DESCRIPTION + Allows the user to reset the YubiKey Bio Multi-Protocol Edition (MPE) to factory settings. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Reset-YubiKeyBioMPE -Confirm:$False ``` 
@@ -31,38 +46,55 @@ Reset the YubiKey Bio Multi-Protocol Edition (MPE) to factory settings without p ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -71,6 +103,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Reset-YubikeyFIDO2.md b/Docs/Commands/Reset-YubikeyFIDO2.md index 57a0489..e2f6499 100644 --- a/Docs/Commands/Reset-YubikeyFIDO2.md +++ b/Docs/Commands/Reset-YubikeyFIDO2.md @@ -1,28 +1,43 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Reset-YubiKeyFIDO2 ## SYNOPSIS + Reset a YubiKey FIDO2 device to factory settings. ## SYNTAX +### Default (Default) + +``` +Reset-YubiKeyFIDO2 [-WhatIf] [-Confirm] [] +``` + +### __AllParameterSets + ``` Reset-YubiKeyFIDO2 [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Resets the YubiKey FIDO2 applet to factory settings. This will remove all stored credentials and reset the applet to factory settings. This REQUIRES the YubiKey to be (re)inserted at a maximum `5` seconds _before_ running the command. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Reset-YubikeyFIDO2 ``` 
@@ -32,37 +47,55 @@ Resets the YubiKey FIDO2 applet to factory settings. ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -71,6 +104,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Reset-YubikeyOATH.md b/Docs/Commands/Reset-YubikeyOATH.md index 3f8a495..e066cec 100644 --- a/Docs/Commands/Reset-YubikeyOATH.md +++ b/Docs/Commands/Reset-YubikeyOATH.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Reset-YubikeyOATH ## SYNOPSIS + Reset the entire YubiKey OATH application. ## SYNTAX +### Default (Default) + ``` Reset-YubikeyOATH [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +Reset-YubiKeyOATH [-WhatIf] [-Confirm] [] +``` + +## ALIASES + ## DESCRIPTION + Reset the entire Yubikey OATH application. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Reset-YubikeyOATH ``` 
@@ -31,38 +46,55 @@ Resets the entire Yubikey OATH application. ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -71,6 +103,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Reset-YubikeyPIV.md b/Docs/Commands/Reset-YubikeyPIV.md index 72a5f33..de83a87 100644 --- a/Docs/Commands/Reset-YubikeyPIV.md +++ b/Docs/Commands/Reset-YubikeyPIV.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Reset-YubikeyPIV ## SYNOPSIS + Resets the PIV part of your YubiKey. ## SYNTAX +### Default (Default) + ``` Reset-YubikeyPIV [-Force] [-WhatIf] [-Confirm] [] ``` +### __AllParameterSets + +``` +Reset-YubiKeyPIV [-Force] [-WhatIf] [-Confirm] [] +``` + +## ALIASES + ## DESCRIPTION + This command will reset your Yubikey to factory settings. PIN, PUK and Managmentkey will be default after. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Reset-YubikeyPIV ``` 
@@ -30,54 +45,77 @@ Will reset the PIV part of your Yubikey ## PARAMETERS -### -Force -Force reset +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -Force + +Force reset of the PIV applet ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -90,3 +128,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-YubiKeyOATHPassword.md b/Docs/Commands/Set-YubiKeyOATHPassword.md index e9b5237..3ffb5c9 100644 --- a/Docs/Commands/Set-YubiKeyOATHPassword.md +++ b/Docs/Commands/Set-YubiKeyOATHPassword.md 
@@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubiKeyOATHPassword ## SYNOPSIS + Set the password for the YubiKey OATH application. ## SYNTAX +### Default (Default) + ``` Set-YubiKeyOATHPassword -OldPassword -NewPassword [] ``` +### Password + +``` +Set-YubiKeyOATHPassword -OldPassword -NewPassword [] +``` + +## ALIASES + ## DESCRIPTION + Set the password for the YubiKey OATH application. ## EXAMPLES ### Example 1 + ```powershell PS C:\> ``` 
@@ -31,37 +46,53 @@ PS C:\> ## PARAMETERS ### -NewPassword + New password provided as a SecureString. ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Password + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -OldPassword + Current password provided as a SecureString. ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Password + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -70,6 +101,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-YubiKeyOTPSlotAccessCode.md b/Docs/Commands/Set-YubiKeyOTPSlotAccessCode.md index 50fb6cc..fa856aa 100644 --- a/Docs/Commands/Set-YubiKeyOTPSlotAccessCode.md +++ b/Docs/Commands/Set-YubiKeyOTPSlotAccessCode.md @@ -1,36 +1,46 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubiKeyOTPSlotAccessCode ## SYNOPSIS + Sets, changes or removes the OTP slot access code for a YubiKey. he access code protects OTP slot configurations from unauthorized modifications. ## SYNTAX ### SetNewAccessCode + ``` -Set-YubiKeyOTPSlotAccessCode -Slot [-AccessCode ] [-WhatIf] [-Confirm] [] +Set-YubiKeyOTPSlotAccessCode -Slot [-AccessCode ] [-WhatIf] [-Confirm] + [] ``` ### ChangeAccessCode + ``` -Set-YubiKeyOTPSlotAccessCode -Slot -AccessCode -CurrentAccessCode [-WhatIf] [-Confirm] - [] +Set-YubiKeyOTPSlotAccessCode -Slot -AccessCode -CurrentAccessCode [-WhatIf] + [-Confirm] [] ``` ### RemoveAccessCode + ``` -Set-YubiKeyOTPSlotAccessCode -Slot -CurrentAccessCode [-RemoveAccessCode] [-WhatIf] [-Confirm] - [] +Set-YubiKeyOTPSlotAccessCode -Slot -CurrentAccessCode [-RemoveAccessCode] [-WhatIf] + [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Sets, changes or removes the OTP slot access code for a YubiKey. The access code protects OTP slot configurations from unauthorized modifications. Access codes are 6 bytes in length, provided as 12-character hex strings. @@ -38,6 +48,7 @@ Access codes are 6 bytes in length, provided as 12-character hex strings. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-YubiKeySlotAccessCode -Slot LongPress -AccessCode "010203040506" ``` 
@@ -45,6 +56,7 @@ PS C:\> Set-YubiKeySlotAccessCode -Slot LongPress -AccessCode "010203040506" Set a new access code for a slot (when no access code exists) ### Example 2 + ```powershell PS C:\> Set-YubiKeyOTPSlotAccessCode -Slot ShortPress -CurrentAccessCode "010203040506" -AccessCode "060504030201" ``` @@ -52,6 +64,7 @@ PS C:\> Set-YubiKeyOTPSlotAccessCode -Slot ShortPress -CurrentAccessCode "010203 Change an existing slot access code ### Example 3 + ```powershell PS C:\> Set-YubiKeyOTPSlotAccessCode -Slot LongPress -CurrentAccessCode "010203040506" -RemoveAccessCode ``` 
@@ -61,111 +74,154 @@ Remove slot access code protection (set to all zeros) ## PARAMETERS ### -AccessCode + New access code (12-character hex string) ```yaml -Type: String -Parameter Sets: SetNewAccessCode -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: SetNewAccessCode + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: ChangeAccessCode + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` +### -Confirm + +Prompts you for confirmation before running the cmdlet. + ```yaml -Type: String -Parameter Sets: ChangeAccessCode +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -CurrentAccessCode + Current access code (12-character hex string) ```yaml -Type: String -Parameter Sets: ChangeAccessCode, RemoveAccessCode -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeAccessCode + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: RemoveAccessCode + 
Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RemoveAccessCode + Remove access code protection ```yaml -Type: SwitchParameter -Parameter Sets: RemoveAccessCode -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: RemoveAccessCode + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot -Yubikey OTP Slot -```yaml -Type: Slot -Parameter Sets: (All) -Aliases: -Accepted values: None, ShortPress, LongPress - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. +Yubikey OTP Slot ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Otp.Slot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- ShortPress +- LongPress +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -174,6 +230,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-Yubikey.md b/Docs/Commands/Set-Yubikey.md index 9f6dcef..b2c8a08 100644 --- a/Docs/Commands/Set-Yubikey.md +++ b/Docs/Commands/Set-Yubikey.md 
@@ -1,60 +1,74 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-Yubikey ## SYNOPSIS + Allows basic YubiKey configuration. ## SYNTAX ### Replace USB capabilities + ``` -Set-Yubikey -UsbCapabilities [-WhatIf] [-Confirm] [] +Set-YubiKey -UsbCapabilities [-WhatIf] [-Confirm] [] ``` ### Update USB capabilities + ``` -Set-Yubikey [-EnableUsbCapabilities ] [-DisableUsbCapabilities ] - [-WhatIf] [-Confirm] [] +Set-YubiKey [-EnableUsbCapabilities ] + [-DisableUsbCapabilities ] [-WhatIf] [-Confirm] [] ``` ### Replace NFC capabilities + ``` -Set-Yubikey -NFCCapabilities [-WhatIf] [-Confirm] [] +Set-YubiKey -NFCCapabilities [-WhatIf] [-Confirm] [] ``` ### Update NFC capabilities + ``` -Set-Yubikey [-EnableNFCCapabilities ] [-DisableNFCCapabilities ] - [-WhatIf] [-Confirm] [] +Set-YubiKey [-EnableNFCCapabilities ] + [-DisableNFCCapabilities ] [-WhatIf] [-Confirm] [] ``` ### Set Restricted NFC + ``` -Set-Yubikey [-SecureTransportMode] [-WhatIf] [-Confirm] [] +Set-YubiKey -SecureTransportMode [-WhatIf] [-Confirm] [] ``` ### Update Touch Eject flag + ``` -Set-Yubikey -TouchEject [-WhatIf] [-Confirm] [] +Set-YubiKey -TouchEject [-WhatIf] [-Confirm] [] ``` ### Set automatically eject + ``` -Set-Yubikey -AutoEjectTimeout [-WhatIf] [-Confirm] [] +Set-YubiKey -AutoEjectTimeout [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Allows configuration of USB / NFC capabilities and the touch eject flag. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-Yubikey -UsbCapabilities All WARNING: Yubikey will reboot, diconnecting powershellYK. 
@@ -65,189 +79,312 @@ Enables all applications over USB. ## PARAMETERS ### -AutoEjectTimeout -Automatically eject after the given time. -Implies -TouchEject:$True. -Value in seconds. + +Automatically eject after the given time. Implies -TouchEject:$True. Value in seconds. ```yaml -Type: UInt16 -Parameter Sets: Set automatically eject -Aliases: +Type: System.UInt16 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set automatically eject + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +### -Confirm + +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -DisableNFCCapabilities + Disable select capabilities over NFC. The command can be used to improve -user experience by _disabling__ YubiKey features that are not in use. +user experience by _disabling__ YubiKey features that are not in use. For example, an organization may want to disable OTP/OATH if only FIDO or PIV is used. 
```yaml -Type: YubiKeyCapabilities -Parameter Sets: Update NFC capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyCapabilities +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Update NFC capabilities + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -DisableUsbCapabilities + Disable select capabilities over USB. The command can be used to improve -user experience by _disabling__ YubiKey features that are not in use. +user experience by _disabling__ YubiKey features that are not in use. For example, an organization may want to disable OTP/OATH if only FIDO or PIV is used. ```yaml -Type: YubiKeyCapabilities -Parameter Sets: Update USB capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyCapabilities +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Update USB capabilities + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -EnableNFCCapabilities + Enable select capabilities over NFC. If a needed feature has been turned off, the command can be used to (re)enable the feature over NFC. 
```yaml -Type: YubiKeyCapabilities -Parameter Sets: Update NFC capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyCapabilities +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Update NFC capabilities + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -EnableUsbCapabilities + Enable select capabilities over USB. If a needed feature has been turned off, the command can be used to (re)enable the feature over USB. ```yaml -Type: YubiKeyCapabilities -Parameter Sets: Update USB capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyCapabilities +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Update USB capabilities + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -NFCCapabilities + Replace current NFC capabilities with selected capabilities. 
```yaml -Type: YubiKeyCapabilities -Parameter Sets: Replace NFC capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[Yubico.YubiKey.YubiKeyCapabilities] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Replace NFC capabilities + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -SecureTransportMode + Enable Restricted NFC as supported by YubiKeys with firmware `5.7` or later. -When set, the YubiKey will limit access to capabilites over NFC until USB powered. +When set, the YubiKey will limit access to capabilites over NFC until USB powered. This feature is typically toggled when _shipping__ YubiKeys in tamper-evident packaging. ```yaml -Type: SwitchParameter -Parameter Sets: Set Restricted NFC -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set Restricted NFC + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -TouchEject + Allows loading/unloading the smartcard by touching the YubiKey. 
```yaml -Type: Boolean -Parameter Sets: Update Touch Eject flag -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Boolean +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Update Touch Eject flag + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -UsbCapabilities -Replace current USB capabilities with with selected capabilities. -```yaml -Type: YubiKeyCapabilities -Parameter Sets: Replace USB capabilities -Aliases: -Accepted values: None, Otp, FidoU2f, Ccid, OpenPgp, Piv, Oath, YubiHsmAuth, Fido2, All - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. +Replace current USB capabilities with selected capabilities. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.YubiKeyCapabilities +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Replace USB capabilities + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- Otp +- FidoU2f +- Ccid +- OpenPgp +- Piv +- Oath +- YubiHsmAuth +- Fido2 +- All +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. 
```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -256,6 +393,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-YubikeyFIDO2.md b/Docs/Commands/Set-YubikeyFIDO2.md index 5d53892..309f1bd 100644 --- a/Docs/Commands/Set-YubikeyFIDO2.md +++ b/Docs/Commands/Set-YubikeyFIDO2.md 
@@ -1,43 +1,54 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubiKeyFIDO2 ## SYNOPSIS + Allows settings FIDO2 options. ## SYNTAX ### Set PIN minimum length + ``` -Set-YubiKeyFIDO2 -MinimumPINLength [] +Set-YubiKeyFIDO2 -MinimumPINLength [] ``` ### Set force PIN change + ``` -Set-YubiKeyFIDO2 [-ForcePINChange] [] +Set-YubiKeyFIDO2 -ForcePINChange [] ``` ### Send MinimumPIN to RelyingParty + ``` Set-YubiKeyFIDO2 -MinimumPINRelyingParty [] ``` ### Set PIN + ``` -Set-YubiKeyFIDO2 [-SetPIN] [-OldPIN ] -NewPIN [] +Set-YubiKeyFIDO2 -NewPIN [-SetPIN] [-OldPIN ] [] ``` +## ALIASES + ## DESCRIPTION + Allows the setting of PIN code and minimum PIN length. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-YubikeyFIDO2 -SetPIN @@ -50,6 +61,7 @@ NewPIN: ****** Set a PIN on the Yubikey ### Example 2 + ```powershell PS C:\> Connect-YubikeyFIDO2 @@ -68,6 +80,7 @@ NewPIN: ****** **NOTE**: The setting requires PIN be provided first using the `Connect-YubikeyFIDO2` command. ### Example + ```powershell PS C:\> Set-YubikeyFIDO2 -ForcePINChange ``` @@ -75,6 +88,7 @@ PS C:\> Set-YubikeyFIDO2 -ForcePINChange **NOTE**: The setting requires PIN be provided first using the `Connect-YubikeyFIDO2` command. ### MinimumPINLength + Set the _minimum_ length of the PIN as supported by YubiKeys with firmware `5.7` or later. When set, any PIN selected by the user must equal to or longer than the enforced value. @@ -91,6 +105,7 @@ Accept wildcard characters: False ``` ### MinimumPINRelyingParty + To which RelyingParty should minimum PIN be sent ```yaml @@ -106,6 +121,7 @@ Accept wildcard characters: False ``` ### NewPIN + New PIN ```yaml @@ -121,6 +137,7 @@ Accept wildcard characters: False ``` ### OldPIN + Old PIN, required to change the PIN code. ```yaml 
@@ -136,6 +153,7 @@ Accept wildcard characters: False ``` ### SetPIN + Easy access to Set new PIN ```yaml 
@@ -151,103 +169,144 @@ Accept wildcard characters: False ``` ### CommonParameters + This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). ## PARAMETERS ### -ForcePINChange + Enable the **_forceChangePin__** flag as supported by YubiKeys with firmware `5.7` or later. When set, the feature will force the user to change the FIDO2 applet PIN on first use. ```yaml -Type: SwitchParameter -Parameter Sets: Set force PIN change -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set force PIN change + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -MinimumPINLength + Set the minimum length of the PIN ```yaml -Type: Int32 -Parameter Sets: Set PIN minimum length -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Nullable`1[System.Int32] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN minimum length + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -MinimumPINRelyingParty + To which RelyingParty should minimum PIN be sent ```yaml -Type: String -Parameter Sets: Send MinimumPIN to RelyingParty -Aliases: - -Required: True -Position: Named -Default value: None -Accept 
pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Send MinimumPIN to RelyingParty + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewPIN + New PIN code to set for the FIDO2 module. ```yaml -Type: SecureString -Parameter Sets: Set PIN -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -OldPIN + Old PIN, required to change the PIN code. 
```yaml -Type: SecureString -Parameter Sets: Set PIN -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -SetPIN + Easy access to Set new PIN ```yaml -Type: SwitchParameter -Parameter Sets: Set PIN -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -256,6 +315,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + 
diff --git a/Docs/Commands/Set-YubikeyFIDO2PIN.md b/Docs/Commands/Set-YubikeyFIDO2PIN.md index 981e275..edf20cb 100644 --- a/Docs/Commands/Set-YubikeyFIDO2PIN.md +++ b/Docs/Commands/Set-YubikeyFIDO2PIN.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubiKeyFIDO2PIN ## SYNOPSIS + Set the PIN for the FIDO2 application on the YubiKey. ## SYNTAX +### Default (Default) + +``` +Set-YubiKeyFIDO2PIN -NewPIN [-OldPIN ] [] +``` + +### Set PIN + ``` -Set-YubiKeyFIDO2PIN [-OldPIN ] -NewPIN [] +Set-YubiKeyFIDO2PIN -OldPIN -NewPIN [] ``` +## ALIASES + ## DESCRIPTION + Set the PIN for the FIDO2 application on the YubiKey. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-YubikeyFIDO2PIN -NewPIN (ConvertTo-SecureString -String "123456" -Force -AsPlainText) ``` @@ -29,6 +44,7 @@ PS C:\> Set-YubikeyFIDO2PIN -NewPIN (ConvertTo-SecureString -String "123456" -Fo Sets the initial PIN or update a connected YubiKeys FIDO2 application PIN. ### Example 2 + ```powershell PS C:\> Set-YubikeyFIDO2PIN -OldPIN (ConvertTo-SecureString -String "123456" -Force -AsPlainText) -NewPIN (ConvertTo-SecureString -String "234567" -Force -AsPlainText) ``` 
@@ -38,37 +54,53 @@ Update the FIDO2 application PIN on an unconnected YubiKey. ## PARAMETERS ### -NewPIN + New PIN code to set for the FIDO applet. ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -OldPIN + Old PIN, required to change the PIN code. ```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set PIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -77,6 +109,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-YubikeyOTP.md b/Docs/Commands/Set-YubikeyOTP.md index 405fb88..921e69c 100644 --- a/Docs/Commands/Set-YubikeyOTP.md +++ b/Docs/Commands/Set-YubikeyOTP.md 
@@ -1,58 +1,75 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubiKeyOTP ## SYNOPSIS + Configure OTP slots ## SYNTAX ### Yubico OTP + ``` -Set-YubiKeyOTP -Slot [-YubicoOTP] [-PublicID ] [-PrivateID ] [-SecretKey ] - [-Upload] [-WhatIf] [-Confirm] [] +Set-YubiKeyOTP -Slot [-YubicoOTP] [-PublicID ] [-PrivateID ] + [-SecretKey ] [-Upload] [-AccessCode ] [-CurrentAccessCode ] [-WhatIf] + [-Confirm] [] ``` ### Static Password + ``` -Set-YubiKeyOTP -Slot [-StaticPassword] -Password [-KeyboardLayout ] - [-AppendCarriageReturn] [-WhatIf] [-Confirm] [] +Set-YubiKeyOTP -Slot -Password [-StaticPassword] + [-KeyboardLayout ] [-AppendCarriageReturn] [-AccessCode ] + [-CurrentAccessCode ] [-WhatIf] [-Confirm] [] ``` ### Static Generated Password + ``` -Set-YubiKeyOTP -Slot [-StaticGeneratedPassword] -PasswordLength - [-KeyboardLayout ] [-AppendCarriageReturn] [-WhatIf] [-Confirm] [] +Set-YubiKeyOTP -Slot -PasswordLength [-StaticGeneratedPassword] + [-KeyboardLayout ] [-AppendCarriageReturn] [-AccessCode ] + [-CurrentAccessCode ] [-WhatIf] [-Confirm] [] ``` ### ChallengeResponse + ``` -Set-YubiKeyOTP -Slot [-ChallengeResponse] [-SecretKey ] - [-Algorithm ] [-RequireTouch] [-WhatIf] [-Confirm] [] +Set-YubiKeyOTP -Slot [-ChallengeResponse] [-SecretKey ] + [-Algorithm ] [-RequireTouch] [-AccessCode ] + [-CurrentAccessCode ] [-WhatIf] [-Confirm] [] ``` ### HOTP + ``` -Set-YubiKeyOTP -Slot [-SecretKey ] [-AppendCarriageReturn] [-HOTP] [-Base32Secret ] - [-WhatIf] [-Confirm] [] +Set-YubiKeyOTP -Slot [-SecretKey ] [-AppendCarriageReturn] [-SendTabFirst] [-HOTP] + [-Base32Secret ] [-HexSecret ] [-Use8Digits] [-AccessCode ] + [-CurrentAccessCode ] [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION -Allows the configuration of the YubiKey OTP slots (2). 
The YubiKey OTP slots can be configured with: -- Static password (or a split password), -- HOTP (OATH) secret for One Time Passwords (OTPs), +Allows the configuration of the YubiKey OTP slots (2). The YubiKey OTP slots can be configured with: + +- Static password (or a split password), +- HOTP (OATH) secret for One Time Passwords (OTPs), - Challange-Response (YubiOTP or HMAC-SHA1 format) - YubiOTP (Yubico OTP) ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-YubikeyOTP -Slot 1 -StaticPassword -PasswordLength 16 -AppendCarriageReturn ``` @@ -60,6 +77,7 @@ PS C:\> Set-YubikeyOTP -Slot 1 -StaticPassword -PasswordLength 16 -AppendCarriag Creates a static password with a length of 16 characters and appends a carriage return (Enter). ### Example 2 + ```powershell PS C:\> Set-YubikeyOTP -Slot 1 -StaticPassword -KeyboardLayout sv_SE -Password (Read-Host -AsSecureString "Password") Password: ****** @@ -68,6 +86,7 @@ Password: ****** Creates a static password using the Swedish keyboard layout. ### Example 3 + ```powershell PS C:\> Set-YubikeyOTP -Slot 1 -ChallengeResponse @@ -79,6 +98,7 @@ SecretKeyByte SecretKey Generates a new Challenge-Response Secret Key. The key will be printed after it is stored. ### Example 4 + ```powershell PS C:\> $OldKey = [powershellYK.support.HexConverter]::StringToByteArray('A4EFA38352F551FF4E1711322BDD1D952CF659DF') PS C:\> Set-YubikeyOTP -Slot 1 -ChallengeResponse -SecretKey $OldKey 
@@ -88,298 +108,564 @@ Generate a new Challenge-Response Secret Key. The key will be printed after it i ## PARAMETERS -### -Algorithm -Algorithm for Challange-Response. +### -AccessCode + +New access code (12-character hex string) ```yaml -Type: ChallengeResponseAlgorithm -Parameter Sets: ChallengeResponse -Aliases: -Accepted values: None, YubicoOtp, HmacSha1 +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -Algorithm -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Algorithm for Challenge-Response + +```yaml +Type: Yubico.YubiKey.Otp.ChallengeResponseAlgorithm +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChallengeResponse + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- YubicoOtp +- HmacSha1 +HelpMessage: '' ``` ### -AppendCarriageReturn + Append carriage return (Enter). This parameter can improve user experience and login performance by effectively submitting the credential on the input field and "pressing Enter" on behalf of the user. 
```yaml -Type: SwitchParameter -Parameter Sets: Static Password, Static Generated Password, HOTP -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Static Generated Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Base32Secret + Base32 encoded secret key for HOTP ```yaml -Type: String -Parameter Sets: HOTP -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.String +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -ChallengeResponse -Allows for Challenge-Response configuration with all defaults. 
+ +Allows for Challenge-Response configuration with all defaults + +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChallengeResponse + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: ChallengeResponse +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -CurrentAccessCode -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Current access code (12-character hex string) + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -HexSecret + +Hex encoded secret key for HOTP + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -HOTP + Allows configuration of HOTP mode ```yaml -Type: SwitchParameter -Parameter Sets: HOTP -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: 
False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -KeyboardLayout -Keyboard layout to be used. -```yaml -Type: KeyboardLayout -Parameter Sets: Static Password, Static Generated Password -Aliases: -Accepted values: ModHex, en_US, en_UK, de_DE, fr_FR, it_IT, es_US, sv_SE +Keyboard layout to be used -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: Yubico.Core.Devices.Hid.KeyboardLayout +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Static Generated Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- ModHex +- en_US +- en_UK +- de_DE +- fr_FR +- it_IT +- es_US +- sv_SE +HelpMessage: '' ``` ### -Password -Static password that will be set. 
-```yaml -Type: SecureString -Parameter Sets: Static Password -Aliases: +Static password that will be set -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Password + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PasswordLength + Length of static password that will be set. ```yaml -Type: Int32 -Parameter Sets: Static Generated Password -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Int32 +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Generated Password + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PrivateID -Sets the Private ID, defaults to random 6 bytes. -```yaml -Type: Byte[] -Parameter Sets: Yubico OTP -Aliases: +Sets the Private ID, defaults to random 6 bytes -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Yubico OTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PublicID -Sets the Public ID, defaults to the YubiKey serial number. 
-```yaml -Type: Byte[] -Parameter Sets: Yubico OTP -Aliases: +Sets the Public ID, defaults to YubiKey serial number -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Yubico OTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -RequireTouch -Require Touch. -```yaml -Type: SwitchParameter -Parameter Sets: ChallengeResponse -Aliases: +Require Touch -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChallengeResponse + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -SecretKey -Sets the Secret Key, defaults to random 16 bytes. 
+ +Sets the Secret Key, defaults to random 16 bytes ```yaml -Type: Byte[] -Parameter Sets: Yubico OTP, ChallengeResponse, HOTP -Aliases: +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Yubico OTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: ChallengeResponse + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -SendTabFirst + +Send TAB before passcode to help navigate UI -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Slot -Yubikey OTP Slot. 
-```yaml -Type: Slot -Parameter Sets: (All) -Aliases: -Accepted values: None, ShortPress, LongPress +Yubikey OTP Slot -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: Yubico.YubiKey.Otp.Slot +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- None +- ShortPress +- LongPress +HelpMessage: '' ``` ### -StaticGeneratedPassword -Allows configuration with all defaults. -```yaml -Type: SwitchParameter -Parameter Sets: Static Generated Password -Aliases: +Allows configuration with all defaults -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Generated Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -StaticPassword -Allows configuration with all defaults. -```yaml -Type: SwitchParameter -Parameter Sets: Static Password -Aliases: +Allows configuration with all defaults -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Static Password + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -Upload -Upload to YubiCloud. 
+ +Upload to YubiCloud ```yaml -Type: SwitchParameter -Parameter Sets: Yubico OTP -Aliases: +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Yubico OTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -Use8Digits + +Use 8 digits instead of 6 for HOTP -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: HOTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -YubicoOTP -Allows configuration with all defaults. +### -WhatIf + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: Yubico OTP +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. 
- -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` +### -YubicoOTP -### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. +Allows configuration with all defaults ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Yubico OTP + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -388,6 +674,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Set-YubikeyPIV.md b/Docs/Commands/Set-YubikeyPIV.md index d84cd62..e1052b2 100644 --- a/Docs/Commands/Set-YubikeyPIV.md +++ b/Docs/Commands/Set-YubikeyPIV.md 
@@ -1,62 +1,77 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Set-YubikeyPIV ## SYNOPSIS + Allows the updating of PIV settings ## SYNTAX ### ChangeRetries + ``` -Set-YubikeyPIV -PinRetries -PukRetries [-WhatIf] [-Confirm] [] +Set-YubiKeyPIV -PinRetries -PukRetries [-KeepPukUnlocked] [-WhatIf] [-Confirm] + [] ``` ### ChangePIN + ``` -Set-YubikeyPIV -PIN -NewPIN [-ChangePIN] [-WhatIf] [-Confirm] +Set-YubiKeyPIV -PIN -NewPIN [-ChangePIN] [-WhatIf] [-Confirm] [] ``` ### UnblockPIN + ``` -Set-YubikeyPIV -NewPIN -PUK [-UnblockPIN] [-WhatIf] [-Confirm] +Set-YubiKeyPIV -NewPIN -PUK [-UnblockPIN] [-WhatIf] [-Confirm] [] ``` ### ChangePUK + ``` -Set-YubikeyPIV -PUK -NewPUK [-ChangePUK] [-WhatIf] [-Confirm] +Set-YubiKeyPIV -PUK -NewPUK [-ChangePUK] [-WhatIf] [-Confirm] [] ``` ### ChangeManagement + ``` -Set-YubikeyPIV -ManagementKey -NewManagementKey -Algorithm +Set-YubiKeyPIV -ManagementKey -NewManagementKey -Algorithm -TouchPolicy [-WhatIf] [-Confirm] [] ``` ### newCHUID + ``` -Set-YubikeyPIV [-newCHUID] [-WhatIf] [-Confirm] [] +Set-YubiKeyPIV -newCHUID [-WhatIf] [-Confirm] [] ``` ### Set Managementkey to PIN protected + ``` -Set-YubikeyPIV [-PINProtectedManagementkey] [-WhatIf] [-Confirm] [] +Set-YubiKeyPIV -PINProtectedManagementkey [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + Allows the modification of PIV settings like: PIN, PUK, ManagementKey and CHUID. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Set-YubikeyPIV -PinRetries 8 -PukRetries 4 WARNING: PIN and PUK codes reset to default, remember to change. @@ -65,6 +80,7 @@ WARNING: PIN and PUK codes reset to default, remember to change. Updates the PIV to 8 PIN retries and 4 PUK retries. ### Example 3 + ```powershell PS C:\GIT-VS\Yubikey_Powershell> Set-YubikeyPIV -ChangePIN 
@@ -80,264 +96,411 @@ Change PIN with a easy way of requesting the new codes. ## PARAMETERS ### -Algorithm + Algoritm ```yaml -Type: PivAlgorithm -Parameter Sets: ChangeManagement -Aliases: -Accepted values: TripleDES, AES128, AES192, AES256 - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: Yubico.YubiKey.Piv.PivAlgorithm +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeManagement + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- TripleDES +- AES128 +- AES192 +- AES256 +HelpMessage: '' ``` ### -ChangePIN -Easy access to ChangePIN -```yaml -Type: SwitchParameter -Parameter Sets: ChangePIN -Aliases: +Change the PIN -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangePIN + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -ChangePUK -Easy access to ChangePUK + +Change the PUK (PIN Unblocking Key) ```yaml -Type: SwitchParameter -Parameter Sets: ChangePUK +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangePUK + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -Confirm + +Prompts you for confirmation before running the cmdlet. 
+ +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -KeepPukUnlocked + +Keep PUK unlocked -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeRetries + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -ManagementKey -Current ManagementKey -```yaml -Type: PSObject -Parameter Sets: ChangeManagement -Aliases: +Current Management key -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeManagement + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -newCHUID + Generate new CHUID ```yaml -Type: SwitchParameter -Parameter Sets: newCHUID -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: newCHUID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false 
+DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewManagementKey -New ManagementKey -```yaml -Type: PSObject -Parameter Sets: ChangeManagement -Aliases: +New Management key -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.PSObject +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeManagement + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewPIN + New PIN ```yaml -Type: SecureString -Parameter Sets: ChangePIN, UnblockPIN -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangePIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: UnblockPIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -NewPUK + New PUK ```yaml -Type: SecureString -Parameter Sets: ChangePUK -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangePUK + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PIN + Current PIN ```yaml -Type: SecureString -Parameter Sets: ChangePIN -Aliases: 
- -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangePIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PINProtectedManagementkey -PIN protect the Managementkey -```yaml -Type: SwitchParameter -Parameter Sets: Set Managementkey to PIN protected -Aliases: +PIN protect the Management key -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set Managementkey to PIN protected + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PinRetries -{{ Fill PinRetries Description }} -```yaml -Type: Byte -Parameter Sets: ChangeRetries -Aliases: +Change the number of PIN retries -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Nullable`1[System.Byte] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeRetries + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PUK + Current PUK ```yaml -Type: SecureString -Parameter Sets: UnblockPIN, ChangePUK -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: 
System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UnblockPIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: ChangePUK + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -PukRetries -{{ Fill PukRetries Description }} -```yaml -Type: Byte -Parameter Sets: ChangeRetries -Aliases: +Change the number of PUK retries -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Nullable`1[System.Byte] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeRetries + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -TouchPolicy -TouchPolicy -```yaml -Type: PivTouchPolicy -Parameter Sets: ChangeManagement -Aliases: -Accepted values: Default, Never, Always, Cached +Touch policy -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: Yubico.YubiKey.Piv.PivTouchPolicy +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: ChangeManagement + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: +- Default +- Never +- Always +- Cached +HelpMessage: '' ``` ### -UnblockPIN -Easy access to UnblockPIN - -```yaml -Type: SwitchParameter -Parameter Sets: UnblockPIN -Aliases: -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: 
False -``` - -### -Confirm -Prompts you for confirmation before running the cmdlet. +Unblock the PIN ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UnblockPIN + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi +Runs the command in a mode that only reports what would happen without performing the actions. -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -346,6 +509,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Switch-YubikeyOTP.md b/Docs/Commands/Switch-YubikeyOTP.md index 4d4f4f8..9520b14 100644 --- a/Docs/Commands/Switch-YubikeyOTP.md +++ b/Docs/Commands/Switch-YubikeyOTP.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Switch-YubiKeyOTP ## SYNOPSIS + Switch places for the configuration of the YubiKey OTP. ## SYNTAX +### Default (Default) + +``` +Switch-YubiKeyOTP [-WhatIf] [-Confirm] [] +``` + +### __AllParameterSets + ``` Switch-YubiKeyOTP [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + This command switches the Long and Short presses for the Yubikey OTP. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Switch-YubikeyOTP ``` 
@@ -31,37 +46,55 @@ This command outputs no information, but switches the Long and Short presses for ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+ +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -70,6 +103,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Unblock-YubikeyPIV.md b/Docs/Commands/Unblock-YubikeyPIV.md index 4fb6bf5..377675b 100644 --- a/Docs/Commands/Unblock-YubikeyPIV.md +++ b/Docs/Commands/Unblock-YubikeyPIV.md @@ -1,27 +1,44 @@ ---- +--- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Unblock-YubikeyPIV ## SYNOPSIS + Unblock a PIN locked YubiKey PIV. ## SYNTAX +### Default (Default) + ``` -Unblock-YubikeyPIV -NewPIN -PUK [-WhatIf] [-Confirm] [] +Unblock-YubikeyPIV -NewPIN -PUK [-WhatIf] [-Confirm] + [] ``` +### UnblockPIN + +``` +Unblock-YubiKeyPIV -NewPIN -PUK [-WhatIf] [-Confirm] + [] +``` + +## ALIASES + ## DESCRIPTION + Allows the resetting of the PIN using the PUK. The PUK was set during install and default is 12345678. ## EXAMPLES ### Example 1 + ```powershell PS C:\> Unblock-YubikeyPIV ``` 
@@ -30,69 +47,98 @@ The command will request the current PUK and the new PIN. ## PARAMETERS -### -NewPIN -New PIN +### -Confirm + +Prompts you for confirmation before running the cmdlet. ```yaml -Type: SecureString -Parameter Sets: (All) +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -PUK -Current PUK +### -NewPIN -```yaml -Type: SecureString -Parameter Sets: (All) -Aliases: +New PIN -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +```yaml +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UnblockPIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` -### -Confirm -Prompts you for confirmation before running the cmdlet. +### -PUK + +Current PUK ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Security.SecureString +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: UnblockPIN + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. -The cmdlet is not run. 
+ +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -101,6 +147,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Unlock-Yubikey.md b/Docs/Commands/Unlock-Yubikey.md index b50deaa..006b654 100644 --- a/Docs/Commands/Unlock-Yubikey.md +++ b/Docs/Commands/Unlock-Yubikey.md 
@@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Unlock-Yubikey ## SYNOPSIS + Unlocks the configuration lock on the YubiKey. ## SYNTAX +### Default (Default) + ``` Unlock-Yubikey -LockCode [] ``` +### __AllParameterSets + +``` +Unlock-YubiKey -LockCode [] +``` + +## ALIASES + ## DESCRIPTION + Allow the Yubikey to be configured once more. ## EXAMPLES ### Example 1 + ```powershell PS C:\> $Lockcode = [byte[]](1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16) PS C:\> Unlock-Yubikey -LockCode $Lockcode @@ -33,22 +48,32 @@ Removes the configuration lock on the Yubikey ## PARAMETERS ### -LockCode -LockCode for Yubikey + +Lock Code for YubiKey ```yaml -Type: Byte[] -Parameter Sets: (All) -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Byte[] +DefaultValue: None +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: (All) + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS 
@@ -57,6 +82,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/Unprotect-YubikeyOATH.md b/Docs/Commands/Unprotect-YubikeyOATH.md index 60e21ff..7184d50 100644 --- a/Docs/Commands/Unprotect-YubikeyOATH.md +++ b/Docs/Commands/Unprotect-YubikeyOATH.md @@ -1,27 +1,42 @@ --- +document type: cmdlet external help file: powershellYK.dll-Help.xml +HelpUri: Module Name: powershellYK -online version: -schema: 2.0.0 +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 --- # Unprotect-YubiKeyOATH ## SYNOPSIS + {{ Fill in the Synopsis }} ## SYNTAX +### Default (Default) + +``` +Unprotect-YubiKeyOATH [-WhatIf] [-Confirm] [] +``` + +### __AllParameterSets + ``` Unprotect-YubiKeyOATH [-WhatIf] [-Confirm] [] ``` +## ALIASES + ## DESCRIPTION + {{ Fill in the Description }} ## EXAMPLES ### Example 1 + ```powershell PS C:\> {{ Add example code here }} ``` 
@@ -31,37 +46,55 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Confirm + Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: cf - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- cf +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### -WhatIf -Shows what would happen if the cmdlet runs. The cmdlet is not run. + +Runs the command in a mode that only reports what would happen without performing the actions. ```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: wi - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False +Type: System.Management.Automation.SwitchParameter +DefaultValue: None +SupportsWildcards: false +Aliases: +- wi +ParameterSets: +- Name: (All) + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. 
For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS @@ -70,6 +103,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS ### System.Object + ## NOTES ## RELATED LINKS + +{{ Fill in the related links here }} + diff --git a/Docs/Commands/powershellYK.md b/Docs/Commands/powershellYK.md index 347540e..110f39a 100644 --- a/Docs/Commands/powershellYK.md +++ b/Docs/Commands/powershellYK.md 
@@ -1,186 +1,250 @@ ---- -Module Name: powershellYK -Module Guid: d947dd9b-87eb-49ea-a373-b91c7acc0917 -Download Help Link: {{ Update Download Link }} +--- +document type: module Help Version: 0.0.12.1 +HelpInfoUri: '' Locale: en-US +Module Guid: d947dd9b-87eb-49ea-a373-b91c7acc0917 +Module Name: powershellYK +ms.date: 03-19-2026 +PlatyPS schema version: 2024-05-01 +System.Collections.Generic.Dictionary`2[System.Object,System.Object]: '' --- # powershellYK Module + ## Description + {{ Fill in the Description }} ## powershellYK Cmdlets + ### [Assert-YubiKeyPIV](Assert-YubiKeyPIV.md) + Create attestation certificate ### [Block-YubikeyPIV](Block-YubikeyPIV.md) + Block out PIN or PUK codes ### [Build-YubiKeyPIVCertificateSigningRequest](Build-YubiKeyPIVCertificateSigningRequest.md) + Creates a CSR for a slot in the YubiKey. ### [Build-YubiKeyPIVSignCertificate](Build-YubiKeyPIVSignCertificate.md) + Sign a certificate request with a YubiKey. ### [Confirm-YubiKeyPIVAttestation](Confirm-YubiKeyPIVAttestation.md) + Confirm YubiKey Attestation. ### [Connect-Yubikey](Connect-Yubikey.md) + Connect the module to the YubiKey. ### [Connect-YubiKeyFIDO2](Connect-YubiKeyFIDO2.md) + Connect to the FIDO2 session. ### [Connect-YubiKeyOATH](Connect-YubiKeyOATH.md) + Connect to the OATH part of the connected YubiKey. ### [Connect-YubikeyPIV](Connect-YubikeyPIV.md) + Connect PIV module ### [ConvertTo-AltSecurity](ConvertTo-AltSecurity.md) + Generate the alt security security identities for a certificate ### [Disconnect-Yubikey](Disconnect-Yubikey.md) + Disconnects the YubiKey ### [Enable-powershellYKSDKLogging](Enable-powershellYKSDKLogging.md) + Enables logging from the Yubico SDK. ### [Enable-YubikeyFIDO2EnterpriseAttestation](Enable-YubikeyFIDO2EnterpriseAttestation.md) + Enables the Enterprise Attestion feature on the YubiKey FIDO2 device. 
### [Export-YubiKeyPIVCertificate](Export-YubiKeyPIVCertificate.md) + Export certificate from YubiKey PIV ### [Find-Yubikey](Find-Yubikey.md) + Lists all YubiKeys on system ### [Get-powershellYKInfo](Get-powershellYKInfo.md) + Get module internal information. ### [Get-Yubikey](Get-Yubikey.md) + Returns the connected YubiKey ### [Get-YubiKeyBIOFingerprint](Get-YubiKeyBIOFingerprint.md) + List fingerprint templates registered on a YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ### [Get-YubikeyFIDO2](Get-YubikeyFIDO2.md) + Get FIDO2 information from YubiKey ### [Get-YubiKeyFIDO2Credential](Get-YubiKeyFIDO2Credential.md) + Read the FIDO2 discoverable credentials ### [Get-YubikeyOATH](Get-YubikeyOATH.md) + Get information about the OATH module ### [Get-YubikeyOATHAccount](Get-YubikeyOATHAccount.md) + List all OATH accounts ### [Get-YubikeyOTP](Get-YubikeyOTP.md) + YubiKey OTP Information ### [Get-YubikeyPIV](Get-YubikeyPIV.md) + Gets information about the PIV module and specific slots. ### [Import-YubiKeyPIV](Import-YubiKeyPIV.md) + Import certificate ### [Lock-Yubikey](Lock-Yubikey.md) + Lock the YubiKey configuration ### [Move-YubikeyPIV](Move-YubikeyPIV.md) + Move a key from one slot to another ### [New-YubiKeyFIDO2Credential](New-YubiKeyFIDO2Credential.md) + Creates a new FIDO2 credential on the connected YubiKey. For more complete examples see: https://github.com/virot/powershellYK/tree/master/Docs/Examples ### [New-YubikeyOATHAccount](New-YubikeyOATHAccount.md) + Created a TOTP or HOTP account ### [New-YubiKeyPIVKey](New-YubiKeyPIVKey.md) + Create a new private key ### [New-YubikeyPIVSelfSign](New-YubikeyPIVSelfSign.md) + Create a self signed certificate ### [Protect-YubiKeyOATH](Protect-YubiKeyOATH.md) + Set password ### [Register-YubikeyBIOFingerprint](Register-YubikeyBIOFingerprint.md) + Register a new fingerprint on a YubiKey Bio _or_ a YubiKey Bio Multi-Protocol Edition (MPE). 
### [Remove-YubiKeyBIOFingerprint](Remove-YubiKeyBIOFingerprint.md) + Removes a selected fingerprint template from the YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ### [Remove-YubikeyFIDO2Credential](Remove-YubikeyFIDO2Credential.md) + Removes a FIDO2 credential from the YubiKey. ### [Remove-YubikeyOATHAccount](Remove-YubikeyOATHAccount.md) + Removes an account from the YubiKey OATH application. -### [Remove-YubiKeyOTP](Remove-YubiKeyOTP.md) +### [Remove-YubikeyOTP](Remove-YubikeyOTP.md) + Remove YubiKey OTP slot. ### [Remove-YubikeyPIVKey](Remove-YubikeyPIVKey.md) + Remove a key from a YubiKey PIV slot. ### [Rename-YubiKeyBIOFingerprint](Rename-YubiKeyBIOFingerprint.md) + Changes the template name of a registered fingerprint on the YubiKey Bio or YubiKey Bio Multi-Protocol Edition (MPE). ### [Rename-YubikeyOATHAccount](Rename-YubikeyOATHAccount.md) + Rename OATH account ### [Request-YubikeyOATHCode](Request-YubikeyOATHCode.md) + Displays TOTP / HOTP codes for YubiKey OATH credentials. ### [Request-YubikeyOTPChallange](Request-YubikeyOTPChallange.md) + Send Challaenge to YubiKey. ### [Reset-YubiKeyBioMPE](Reset-YubiKeyBioMPE.md) + Allows the user to reset the YubiKey Bio Multi-Protocol Edition (MPE) to factory settings. ### [Reset-YubiKeyFIDO2](Reset-YubiKeyFIDO2.md) + Reset a YubiKey FIDO2 device to factory settings. ### [Reset-YubikeyOATH](Reset-YubikeyOATH.md) + Reset the entire YubiKey OATH application. ### [Reset-YubikeyPIV](Reset-YubikeyPIV.md) + Resets the PIV part of your YubiKey. ### [Set-Yubikey](Set-Yubikey.md) + Allows basic YubiKey configuration. ### [Set-YubiKeyFIDO2](Set-YubiKeyFIDO2.md) + Allows settings FIDO2 options. ### [Set-YubiKeyFIDO2PIN](Set-YubiKeyFIDO2PIN.md) + Set the PIN for the FIDO2 application on the YubiKey. ### [Set-YubiKeyOATHPassword](Set-YubiKeyOATHPassword.md) + Set the password for the YubiKey OATH application. 
### [Set-YubiKeyOTP](Set-YubiKeyOTP.md) + Configure OTP slots ### [Set-YubiKeyOTPSlotAccessCode](Set-YubiKeyOTPSlotAccessCode.md) + Sets, changes or removes the OTP slot access code for a YubiKey. he access code protects OTP slot configurations from unauthorized modifications. ### [Set-YubikeyPIV](Set-YubikeyPIV.md) + Allows the updating of PIV settings ### [Switch-YubiKeyOTP](Switch-YubiKeyOTP.md) + Switch places for the configuration of the YubiKey OTP. ### [Unblock-YubikeyPIV](Unblock-YubikeyPIV.md) + Unblock a PIN locked YubiKey PIV. ### [Unlock-Yubikey](Unlock-Yubikey.md) + Unlocks the configuration lock on the YubiKey. ### [Unprotect-YubiKeyOATH](Unprotect-YubiKeyOATH.md) + {{ Fill in the Synopsis }} diff --git a/Module/Cmdlets/BIO/RegisterYubiKeyBIOFingerprint.cs b/Module/Cmdlets/BIO/RegisterYubiKeyBIOFingerprint.cs index 6c0321e..a207e62 100644 --- a/Module/Cmdlets/BIO/RegisterYubiKeyBIOFingerprint.cs +++ b/Module/Cmdlets/BIO/RegisterYubiKeyBIOFingerprint.cs @@ -31,7 +31,7 @@ namespace powershellYK.Cmdlets.PIV public class RegisterYubikeyBIOFingerprintCmdlet : Cmdlet { // Parameter for the fingerprint name - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Name of the finger to register")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Name of finger to register, for example: \"left index\" or \"right index\".")] public String? Name; // Connect to YubiKey when cmdlet starts diff --git a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs index ab4da46..7dffddc 100644 --- a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs 
@@ -61,7 +61,7 @@ public class SetYubikeyFIDO2Cmdlet : PSCmdlet, IDynamicParameters [Parameter(Mandatory = true, ParameterSetName = "Set PIN minimum length", ValueFromPipeline = false, HelpMessage = "Set the minimum length of the PIN")] public int? MinimumPINLength { get; set; } - [Parameter(Mandatory = true, ParameterSetName = "Set force PIN change", HelpMessage = "Enable or disable the forceChangePin flag")] + [Parameter(Mandatory = true, ParameterSetName = "Set force PIN change", HelpMessage = "Enable the **_forceChangePin__** flag as supported by YubiKeys with firmware `5.7` or later.\nWhen set, the feature will force the user to change the FIDO2 applet PIN on first use.")] public SwitchParameter ForcePINChange { get; set; } [ValidateLength(4, 63)] diff --git a/Module/Cmdlets/OTP/SetYubikeyOTP.cs b/Module/Cmdlets/OTP/SetYubikeyOTP.cs index 8ca61a7..6a1eba6 100644 --- a/Module/Cmdlets/OTP/SetYubikeyOTP.cs +++ b/Module/Cmdlets/OTP/SetYubikeyOTP.cs @@ -140,7 +140,7 @@ public class SetYubikeyOTPCommand : PSCmdlet // Length of the generated static password (1-38 characters) [ValidateRange(1, 38)] - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Static password that will be set", ParameterSetName = "Static Generated Password")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Length of static password that will be set.", ParameterSetName = "Static Generated Password")] public int PasswordLength { get; set; } // Keyboard layout to use for static passwords 
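Review bot: The emphasis markup in the new `ForcePINChange` help string is unbalanced: `**_forceChangePin__**` opens with one underscore and closes with two. The same slip appears in the SetYubikey.cs hunks of this commit (`_disabling__` twice, `_shipping__`, plus the typo `capabilites`). `HelpMessage` is also what PowerShell prints verbatim when a user answers a mandatory-parameter prompt with `!?`, and both `ForcePINChange` and `SecureTransportMode` are `Mandatory = true`, so the asterisks, backticks and underscores appear there as literal characters. I would keep these strings plain, e.g. `HelpMessage = "Enable the forceChangePin flag (YubiKey firmware 5.7 or later). The user must then change the FIDO2 PIN on first use."`, and leave the formatted wording to the markdown help. The class body continues outside the hunk.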
@@ -149,9 +149,9 @@ public class SetYubikeyOTPCommand : PSCmdlet public KeyboardLayout KeyboardLayout { get; set; } = KeyboardLayout.ModHex; // Flag to append carriage return (Enter) after credential output - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter)", ParameterSetName = "Static Password")] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter)", ParameterSetName = "Static Generated Password")] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter)", ParameterSetName = "HOTP")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter). This parameter can improve user experience\nand login performance by effectively submitting the credential on the input\nfield and \"pressing Enter\" on behalf of the user.", ParameterSetName = "Static Password")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter). This parameter can improve user experience\nand login performance by effectively submitting the credential on the input\nfield and \"pressing Enter\" on behalf of the user.", ParameterSetName = "Static Generated Password")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Append carriage return (Enter). This parameter can improve user experience\nand login performance by effectively submitting the credential on the input\nfield and \"pressing Enter\" on behalf of the user.", ParameterSetName = "HOTP")] public SwitchParameter AppendCarriageReturn { get; set; } // Sends a TAB character before the OTP passcode when using HOTP mode diff --git a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs index aae5f5e..b6693f2 100644 --- a/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs 
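Review bot: The three `[Parameter]` attributes on `AppendCarriageReturn` now carry the same three-sentence literal, so any later wording fix has to be made in three places. Declaring the text once as `private const string AppendCarriageReturnHelp` and writing `HelpMessage = AppendCarriageReturnHelp` in each attribute keeps them in step. The text presents the option purely as a convenience. Because it applies to the static-password parameter sets, one more sentence would help, saying that the credential is then submitted to whichever input has focus when the key is touched. The SetYubikeyOTPCommand class continues outside the hunk.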
+++ b/Module/Cmdlets/PIV/BuildYubiKeyPIVCertificateSigningRequest.cs @@ -42,11 +42,11 @@ public class BuildYubiKeyPIVCertificateSigningRequestCmdlet : Cmdlet // Parameter to specify where to store attestation in the CSR [ValidateSet("Both", "Legacy", "Standard", ErrorMessage = null)] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "OID to store attestation in CSR.", ParameterSetName = "With Attestation")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "OID location to store attestation in CSR.\nLegacy stores the attestation in the .11 OID as yubico-piv-tool used until 2025.\nStandard stores the attestation in the .1 OID as yubico-piv-tool uses from 2025.\nBoth stores the attestation in both OIDs.", ParameterSetName = "With Attestation")] public string AttestationLocation { get; set; } = "Both"; // Parameter for the subject name of the certificate - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Subject name of certificate")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Subjectname of certificate")] public string Subjectname { get; set; } = "CN=SubjectName to be supplied by Server,O=Fake"; // Parameter for the output file path @@ -57,7 +57,7 @@ public class BuildYubiKeyPIVCertificateSigningRequestCmdlet : Cmdlet // Parameter for the hash algorithm to use [ValidateSet("SHA1", "SHA256", "SHA384", "SHA512", IgnoreCase = true)] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "HashAlgoritm")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "HashAlgoritm, this will be forced to correct for ECC.")] public HashAlgorithmName HashAlgorithm { get; set; } = HashAlgorithmName.SHA256; // Parameter to output CSR in PEM format diff --git a/Module/Cmdlets/PIV/BuildYubikeyPIVSignCertificate.cs b/Module/Cmdlets/PIV/BuildYubikeyPIVSignCertificate.cs index fcc324e..2d7ad40 100644 
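Review bot: The `Subjectname` help string changes from "Subject name of certificate" to "Subjectname of certificate", which reads as a typo at the prompt. The ConnectYubikey.cs hunk makes the same move ("Serial Number" to "Serialnumber"), while FindYubikey.cs in this commit settles on "serial number". Help text is prose, so I would keep the spaced form everywhere: `HelpMessage = "Subject name of certificate"` and `HelpMessage = "Connect to YubiKey with serial number"`. The added `AttestationLocation` text refers only to "the .11 OID" and "the .1 OID"; giving the full OIDs would let a CA operator match them against a received CSR. The class continues outside the hunk.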
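Review bot: The new `HashAlgorithm` help string keeps the misspelling `HashAlgoritm`, and "forced to correct for ECC" does not say what the caller actually gets. If the intent is that ECC keys override the chosen value (not visible in this hunk, so please confirm), something like `HelpMessage = "Hash algorithm for the CSR signature. Overridden to match the key size for ECC keys."` states it. The `ValidateSet` on the line above still offers `SHA1`. The default is `SHA256`, but the help text could say that SHA1 is kept only for compatibility, since many CAs reject SHA-1-signed requests. The class continues outside the hunk.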
--- a/Module/Cmdlets/PIV/BuildYubikeyPIVSignCertificate.cs +++ b/Module/Cmdlets/PIV/BuildYubikeyPIVSignCertificate.cs @@ -78,7 +78,7 @@ public class BuildYubikeySignedCertificateCommand : Cmdlet public SwitchParameter CertificateAuthority { get; set; } // Parameter for Subject Alternative Names - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "SubjectAlternativeNames for the certificate")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "SubjectAlternativeNames for the certificate\nStart each string with DNS, MAIL or UPN and a space before the value.")] public string[] SubjectAltName { get; set; } = new string[] { }; // Parameter for key usage flags diff --git a/Module/Cmdlets/PIV/ConnectYubikeyPIV.cs b/Module/Cmdlets/PIV/ConnectYubikeyPIV.cs index 0777582..b78a121 100644 --- a/Module/Cmdlets/PIV/ConnectYubikeyPIV.cs +++ b/Module/Cmdlets/PIV/ConnectYubikeyPIV.cs @@ -34,8 +34,8 @@ public class ConnectYubikeyPIVCommand : Cmdlet // Parameter for the PIV Management Key [TransformHexInput()] [ValidatePIVManagementKey()] - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Management Key", ParameterSetName = "PIN&Management")] - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Management Key", ParameterSetName = "Management")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Management key", ParameterSetName = "PIN&Management")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Management key", ParameterSetName = "Management")] public PSObject? ManagementKey; // Parameter for the PIV PIN diff --git a/Module/Cmdlets/PIV/ImportYubiKeyPIV.cs b/Module/Cmdlets/PIV/ImportYubiKeyPIV.cs index de8f268..2b83b6b 100644 --- a/Module/Cmdlets/PIV/ImportYubiKeyPIV.cs +++ b/Module/Cmdlets/PIV/ImportYubiKeyPIV.cs 
@@ -35,7 +35,7 @@ public class ImportYubiKeyPIVCommand : PSCmdlet { // Parameters for slot selection [ArgumentCompletions("\"PIV Authentication\"", "\"Digital Signature\"", "\"Key Management\"", "\"Card Authentication\"", "0x9a", "0x9c", "0x9d", "0x9e")] - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Slotnumber")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Slot number")] public PIVSlot Slot { get; set; } // Parameters for certificate import @@ -64,9 +64,9 @@ public class ImportYubiKeyPIVCommand : PSCmdlet // Parameters for key policies [ValidateSet("Default", "Never", "None", "Once", IgnoreCase = true)] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "PinPolicy", ParameterSetName = "Privatekey")] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "PinPolicy", ParameterSetName = "CertificateAndKey")] - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "PinPolicy", ParameterSetName = "P12")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Pin policy", ParameterSetName = "Privatekey")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Pin policy", ParameterSetName = "CertificateAndKey")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Pin policy", ParameterSetName = "P12")] public PivPinPolicy PinPolicy { get; set; } = PivPinPolicy.Default; // Parameter for touch policy diff --git a/Module/Cmdlets/Yubikey/ConnectYubikey.cs b/Module/Cmdlets/Yubikey/ConnectYubikey.cs index 1f9afe1..b91c2e6 100644 --- a/Module/Cmdlets/Yubikey/ConnectYubikey.cs +++ b/Module/Cmdlets/Yubikey/ConnectYubikey.cs 
@@ -32,7 +32,7 @@ public class ConnectYubikeyCommand : PSCmdlet [Parameter(Position = 0, Mandatory = false, ValueFromPipeline = true, HelpMessage = "Which YubiKey to connect to", ParameterSetName = "Connect provided Yubikey")] public YubiKeyDevice? YubiKey { get; set; } - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Connect to YubiKey with Serial Number", ParameterSetName = "Connect Yubikey with Serialnumber")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Connect to YubiKey with Serialnumber", ParameterSetName = "Connect Yubikey with Serialnumber")] public int? Serialnumber { get; set; } // Private field for YubiKey diff --git a/Module/Cmdlets/Yubikey/FindYubikey.cs b/Module/Cmdlets/Yubikey/FindYubikey.cs index 1fc9330..8c2657d 100644 --- a/Module/Cmdlets/Yubikey/FindYubikey.cs +++ b/Module/Cmdlets/Yubikey/FindYubikey.cs @@ -28,7 +28,7 @@ public class FindYubikeyCommand : Cmdlet // Parameters for YubiKey filtering [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Return only one YubiKey")] public SwitchParameter OnlyOne { get; set; } - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Return only YubiKey with Serial Number")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Return only YubiKey with serial number")] public int? Serialnumber { get; set; } // Process the main cmdlet logic diff --git a/Module/Cmdlets/Yubikey/SetYubikey.cs b/Module/Cmdlets/Yubikey/SetYubikey.cs index 2e04583..e548bed 100644 --- a/Module/Cmdlets/Yubikey/SetYubikey.cs +++ b/Module/Cmdlets/Yubikey/SetYubikey.cs 
@@ -43,23 +43,23 @@ namespace powershellYK.Cmdlets.OTP public class SetYubikeyCommand : PSCmdlet { // Parameters for USB capabilities - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Replace current USB capabilities with.", ParameterSetName = "Replace USB capabilities")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Replace current USB capabilities with selected capabilities.", ParameterSetName = "Replace USB capabilities")] public YubiKeyCapabilities UsbCapabilities { get; set; } - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Enable capabilities over USB", ParameterSetName = "Update USB capabilities")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Enable select capabilities over USB. If a needed feature has been turned off,\nthe command can be used to (re)enable the feature over USB.", ParameterSetName = "Update USB capabilities")] public YubiKeyCapabilities EnableUsbCapabilities { get; set; } = YubiKeyCapabilities.None; - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Disable capabilities over USB", ParameterSetName = "Update USB capabilities")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Disable select capabilities over USB. 
The command can be used to improve\nuser experience by _disabling__ YubiKey features that are not in use.\nFor example, an organization may want to disable OTP/OATH if only FIDO or PIV is used.", ParameterSetName = "Update USB capabilities")] public YubiKeyCapabilities DisableUsbCapabilities { get; set; } = YubiKeyCapabilities.None; // Parameters for NFC capabilities - [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Replace current NFC capabilities with.", ParameterSetName = "Replace NFC capabilities")] + [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "Replace current NFC capabilities with selected capabilities.", ParameterSetName = "Replace NFC capabilities")] public YubiKeyCapabilities? NFCCapabilities { get; set; } - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Enable capabilities over NFC", ParameterSetName = "Update NFC capabilities")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Enable select capabilities over NFC. If a needed feature has been turned off,\nthe command can be used to (re)enable the feature over NFC.", ParameterSetName = "Update NFC capabilities")] public YubiKeyCapabilities EnableNFCCapabilities { get; set; } = YubiKeyCapabilities.None; - [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Disable capabilities over NFC", ParameterSetName = "Update NFC capabilities")] + [Parameter(Mandatory = false, ValueFromPipeline = false, HelpMessage = "Disable select capabilities over NFC. The command can be used to improve\nuser experience by _disabling__ YubiKey features that are not in use.\nFor example, an organization may want to disable OTP/OATH if only FIDO or PIV is used.", ParameterSetName = "Update NFC capabilities")] public YubiKeyCapabilities DisableNFCCapabilities { get; set; } = YubiKeyCapabilities.None; // Parameters for touch eject settings 
@@ -70,7 +70,7 @@ public class SetYubikeyCommand : PSCmdlet public UInt16 AutoEjectTimeout = 0; // Parameters for secure transport mode - [Parameter(Mandatory = true, ParameterSetName = "Set Restricted NFC", HelpMessage = "Enable Restricted NFC / Secure Transport Mode")] + [Parameter(Mandatory = true, ParameterSetName = "Set Restricted NFC", HelpMessage = "Enable Restricted NFC as supported by YubiKeys with firmware `5.7` or later.\nWhen set, the YubiKey will limit access to capabilites over NFC until USB powered.\nThis feature is typically toggled when _shipping__ YubiKeys in tamper-evident packaging.")] public SwitchParameter SecureTransportMode { get; set; } // Initialize processing diff --git a/build.ps1 b/build.ps1 index 7e2615f..f4a70dd 100644 --- a/build.ps1 +++ b/build.ps1 
@@ -24,25 +24,31 @@ Remove-Item -Recurse "$($Directory.fullname)\loader" Read-Host -Prompt "Press Enter to continue" #Get-Item "$($Directory.fullname)\powershellYK.psd1" -PipelineVariable ItemFile |ForEach {(Get-Content $ItemFile).Replace('RootModule = ''powershellYK.dll''','RootModule = ''.\module\powershellYK.dll''', [System.StringComparison]::InvariantCultureIgnoreCase) | Set-Content -Path $ItemFile } -#Update-ModuleManifest -Path "$($Directory.fullname)\powershellYK.psd1" -ModuleVersion (GI .\release\module\powershellYK.dll).VersionInfo.FileVersion.toString() -Update-Metadata -Path "$($Directory.fullname)\powershellYK.psd1" -PropertyName ModuleVersion -Value (GI .\release\powershellYK.dll).VersionInfo.FileVersion.toString() +Update-ModuleManifest -Path "$($Directory.fullname)\powershellYK.psd1" -ModuleVersion (GI "$($Directory.fullname)\powershellYK.dll").VersionInfo.FileVersion.toString() +#Update-Metadata -Path "$($Directory.fullname)\powershellYK.psd1" -PropertyName ModuleVersion -Value (GI .\release\powershellYK.dll).VersionInfo.FileVersion.toString() #Update-Metadata -Path "$($Directory.fullname)\powershellYK.psd1" -PropertyName NestedModules -Value ".\module\powershellYK_loader.dll" Import-Module "$($Directory.fullname)\powershellYK.psd1" -$parameters = @{ - Path = '.\Docs\Commands' - RefreshModulePage = $true - AlphabeticParamsOrder = $true - UpdateInputOutput = $true - ExcludeDontShow = $true - LogPath = '\temp\platyps.log' - Encoding = [System.Text.Encoding]::UTF8 -} -Update-MarkdownHelpModule @parameters -Update-MarkdownHelpModule @parameters +Measure-PlatyPSMarkdown -Path ./docs/Commands/*.md | +Where-Object Filetype -match 'CommandHelp' | +Update-MarkdownCommandHelp -Path {$_.FilePath} -NoBackup + +# Update the module file +Measure-PlatyPSMarkdown -Path ./docs/Commands/*.md | + Where-Object Filetype -match 'CommandHelp' | + Import-MarkdownCommandHelp -Path {$_.FilePath} | + Update-MarkdownModuleFile -Path ./docs/Commands/powershellYK.md -NoBackup 
-Force -HelpVersion (GI "$($Directory.fullname)\powershellYK.dll").VersionInfo.FileVersion.toString() + +New-Item -Type 'Directory' -Path "$($Directory.fullname)\en-US" + +Measure-PlatyPSMarkdown -Path ./docs/Commands/*.md | + Where-Object Filetype -match 'CommandHelp' | + Import-MarkdownCommandHelp -Path {$_.FilePath} | + Export-MamlCommandHelp -OutputFolder "$($Directory.fullname)" -New-ExternalHelp -Path '.\Docs\Commands' -OutputPath "$($Directory.fullname)" -Force +Move-Item "$($Directory.fullname)\powershellYK\powershellYK.dll-help.xml" "$($Directory.fullname)\en-US\powershellYK.dll-help.xml" +Remove-Item "$($Directory.fullname)\powershellYK" From baa54651835821570cf9e94aca358746de0537a5 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Fri, 20 Mar 2026 00:46:45 +0100 Subject: [PATCH 07/21] Add documentation for Export-YubiKeyFIDOBlob Add TransformPath so it manages changes to the working folder --- Docs/Commands/Export-YubiKeyFIDO2Blob.md | 144 ++++++++++++++++++ .../Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs | 49 +++--- 2 files changed, 165 insertions(+), 28 deletions(-) create mode 100644 Docs/Commands/Export-YubiKeyFIDO2Blob.md diff --git a/Docs/Commands/Export-YubiKeyFIDO2Blob.md b/Docs/Commands/Export-YubiKeyFIDO2Blob.md new file mode 100644 index 0000000..d583f72 --- /dev/null +++ b/Docs/Commands/Export-YubiKeyFIDO2Blob.md 
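Review bot: The three `Measure-PlatyPSMarkdown` pipelines added to build.ps1 glob `./docs/Commands/*.md`, while the lines they replace used `.\Docs\Commands` and the rest of this series writes to `Docs/Commands/`. On a case-sensitive file system the lower-case path would likely match nothing, and the help build would then produce no output without failing. Use the repository's casing: `-Path ./Docs/Commands/*.md` and `-Path ./Docs/Commands/powershellYK.md`. `New-Item -Type 'Directory' -Path "$($Directory.fullname)\en-US"` also has no `-Force`, so it raises an error if the folder survives from an earlier run, unless the release directory is always recreated earlier in the script, which is outside this hunk.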
@@ -0,0 +1,144 @@ +--- +document type: cmdlet +external help file: powershellYK.dll-Help.xml +HelpUri: '' +Locale: en-SE +Module Name: powershellYK +ms.date: 03-20-2026 +PlatyPS schema version: 2024-05-01 +title: Export-YubiKeyFIDO2Blob +--- + +# Export-YubiKeyFIDO2Blob + +## SYNOPSIS + +Exports large blob from YubiKey FIDO2 by Credential ID or Relying Party ID (Origin). + +## SYNTAX + +### Export LargeBlob + +``` +Export-YubiKeyFIDO2Blob -CredentialId -OutFile [] +``` + +### Export LargeBlob by RelyingPartyID + +``` +Export-YubiKeyFIDO2Blob -RelyingPartyID -OutFile [] +``` + +## ALIASES + +## DESCRIPTION + +Requires YubiKey firmware version 5.7.4 or later. + +## EXAMPLES + +### Example 1 + +```powershell +PS C:\> Export-YubiKeyFIDO2Blob -RelyingPartyID "powershellYK" -OutFile storedfile.txt +Touch the YubiKey... +``` + +Exports the large blob for the credential with the specified Credential ID to the specified output file. + +## PARAMETERS + +### -CredentialId + +Credential ID (hex or base64url string) to export large blob for. 
+ +```yaml +Type: System.Nullable`1[powershellYK.FIDO2.CredentialID] +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Export LargeBlob + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -OutFile + +Output file path for the exported large blob + +```yaml +Type: System.IO.FileInfo +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Export LargeBlob + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Export LargeBlob by RelyingPartyID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -RelyingPartyID + +Relying Party ID (Origin), or relying party display name if unique, to export large blob for. + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: +- RP +- Origin +ParameterSets: +- Name: Export LargeBlob by RelyingPartyID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +## OUTPUTS + +### System.Object + +{{ Fill in the Description }} + +## NOTES + +{{ Fill in the Notes }} + +## RELATED LINKS + +[FIDO2 large blobs ("largeBlobs" option)](https://docs.yubico.com/yesdk/users-manual/application-fido2/large-blobs.html) + diff --git a/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs index 04f749f..72b903a 100644 --- a/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs +++ b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs @@ -12,15 +12,16 @@ /// // Imports -using System.Management.Automation; // Windows PowerShell namespace. -using Yubico.YubiKey; -using Yubico.YubiKey.Fido2; +using Newtonsoft.Json; using powershellYK.FIDO2; using powershellYK.support; -using Yubico.YubiKey.Cryptography; -using System.Security.Cryptography; -using Newtonsoft.Json; +using powershellYK.support.transform; using powershellYK.support.validators; +using System.Management.Automation; // Windows PowerShell namespace. +using System.Security.Cryptography; +using Yubico.YubiKey; +using Yubico.YubiKey.Cryptography; +using Yubico.YubiKey.Fido2; namespace powershellYK.Cmdlets.Fido { @@ -46,17 +47,18 @@ public class ExportYubikeyFIDO2BlobCmdlet : PSCmdlet public string? RelyingPartyID { get; set; } [Parameter( - Mandatory = false, + Mandatory = true, ParameterSetName = "Export LargeBlob", ValueFromPipeline = false, HelpMessage = "Output file path for the exported large blob" )] [Parameter( - Mandatory = false, + Mandatory = true, ParameterSetName = "Export LargeBlob by RelyingPartyID", ValueFromPipeline = false, HelpMessage = "Output file path for the exported large blob" )] + [TransformPath] [ValidatePath(fileMustExist: false, fileMustNotExist: true)] public required System.IO.FileInfo OutFile { get; set; } 
@@ -286,30 +288,21 @@ protected override void ProcessRecord() } WriteDebug($"Step 6: Blob entry selected from index {selectedEntryIndex} ({blobData.Length} bytes)."); - if (this.MyInvocation.BoundParameters.ContainsKey("OutFile")) + WriteDebug($"Step 7: Writing blob data to '{OutFile.FullName}'."); + // Write the blob data to the output file + string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName); + try { - WriteDebug($"Step 7: Writing blob data to '{OutFile.FullName}'."); - // Write the blob data to the output file - string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName); - try - { - System.IO.File.WriteAllBytes(resolvedPath, blobData); - } - catch (Exception ex) - { - throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); - } + System.IO.File.WriteAllBytes(resolvedPath, blobData); } - else + catch (Exception ex) { - WriteDebug($"Step 7: Writing blob data to output."); - // Write the blob data to the output - WriteObject(blobData); + throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); } - - WriteInformation( - $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", - new[] { "FIDO2", "LargeBlob" }); + + WriteInformation( + $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", + new[] { "FIDO2", "LargeBlob" }); } } } From c53529a8119d13cac83399059fe0d80aa92e3531 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Fri, 20 Mar 2026 01:01:58 +0100 Subject: [PATCH 08/21] Add Import-YubiKeyFIDO2Blob Cmdlet --- Docs/Commands/Import-YubiKeyFIDO2Blob.md | 174 +++++++++ .../Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs | 346 ++++++++++++++++++ Module/powershellYK.psd1 | 1 + 3 files changed, 521 insertions(+) create mode 100644 Docs/Commands/Import-YubiKeyFIDO2Blob.md create mode 100644 Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs 
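Review bot: In ExportYubiKeyFIDO2Blob.cs the no-overwrite guarantee rests on `[ValidatePath(fileMustExist: false, fileMustNotExist: true)]`, which presumably runs at parameter binding. `System.IO.File.WriteAllBytes(resolvedPath, blobData)` runs later, at Step 7 of `ProcessRecord`, and replaces whatever exists at that path by then. Opening the target with `FileMode.CreateNew` makes the existence check and the write a single step: `using var output = new System.IO.FileStream(resolvedPath, System.IO.FileMode.CreateNew, System.IO.FileAccess.Write);` followed by `output.Write(blobData, 0, blobData.Length);`. The `catch (Exception ex)` could then be narrowed to `IOException` and `UnauthorizedAccessException`, so that unrelated failures are not relabelled as file errors. `ProcessRecord` begins outside the hunk.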
diff --git a/Docs/Commands/Import-YubiKeyFIDO2Blob.md b/Docs/Commands/Import-YubiKeyFIDO2Blob.md new file mode 100644 index 0000000..b5c60a2 --- /dev/null +++ b/Docs/Commands/Import-YubiKeyFIDO2Blob.md 
@@ -0,0 +1,174 @@ +--- +document type: cmdlet +external help file: powershellYK.dll-Help.xml +HelpUri: '' +Locale: en-SE +Module Name: powershellYK +ms.date: 03-20-2026 +PlatyPS schema version: 2024-05-01 +title: Import-YubiKeyFIDO2Blob +--- + +# Import-YubiKeyFIDO2Blob + +## SYNOPSIS + +Imports large blob to YubiKey FIDO2 by Credential ID or Relying Party ID (Origin). + +## SYNTAX + +### Set LargeBlob + +``` +Import-YubiKeyFIDO2Blob -LargeBlob -CredentialId [-Force] + [] +``` + +### Set LargeBlob by RelyingPartyID + +``` +Import-YubiKeyFIDO2Blob -LargeBlob -RelyingPartyID [-Force] [] +``` + +## ALIASES + +This cmdlet has the following aliases, + {{Insert list of aliases}} + +## DESCRIPTION + +Requires YubiKey firmware version 5.7 or later. + +## EXAMPLES + +### Example 1 + +```powershell +PS C:\> Import-YubiKeyFIDO2Blob -RelyingPartyID "powershellYK" -LargeBlob FileToImport.txt +Touch the YubiKey... +``` + +Imports the large blob from the specified file for the credential with the specified Relying Party ID (or display name, if unique) to the YubiKey. + +## PARAMETERS + +### -CredentialId + +Credential ID (hex or base64url string) to associate with the large blob array. + +```yaml +Type: System.Nullable`1[powershellYK.FIDO2.CredentialID] +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set LargeBlob + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -Force + +Overwrite existing large blob entry for this credential without prompting. 
+ +```yaml +Type: System.Management.Automation.SwitchParameter +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set LargeBlob + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Set LargeBlob by RelyingPartyID + Position: Named + IsRequired: false + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -LargeBlob + +File to import as large blob + +```yaml +Type: System.IO.FileInfo +DefaultValue: '' +SupportsWildcards: false +Aliases: [] +ParameterSets: +- Name: Set LargeBlob + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +- Name: Set LargeBlob by RelyingPartyID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### -RelyingPartyID + +Relying party ID, or relying party display name if unique, to associate with the large blob. + +```yaml +Type: System.String +DefaultValue: '' +SupportsWildcards: false +Aliases: +- RP +- Origin +ParameterSets: +- Name: Set LargeBlob by RelyingPartyID + Position: Named + IsRequired: true + ValueFromPipeline: false + ValueFromPipelineByPropertyName: false + ValueFromRemainingArguments: false +DontShow: false +AcceptedValues: [] +HelpMessage: '' +``` + +### CommonParameters + +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, +-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, +-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see +[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). 
+ +## INPUTS + +## OUTPUTS + +### System.Object + +{{ Fill in the Description }} + +## NOTES + +{{ Fill in the Notes }} + +## RELATED LINKS + +[FIDO2 large blobs ("largeBlobs" option)](https://docs.yubico.com/yesdk/users-manual/application-fido2/large-blobs.html) \ No newline at end of file diff --git a/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs b/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs new file mode 100644 index 0000000..2d83350 --- /dev/null +++ b/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs 
@@ -0,0 +1,346 @@ +/// +/// Allows uploading of large blobs to the YubiKey FIDO2 applet, associated with a specific credential ID or relying party. +/// Requires a YubiKey with FIDO2 support and administrator privileges on Windows. +/// +/// Sends minimum PIN length to specified relying party +/// +/// .EXAMPLE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -RelyingPartyID "demo.yubico.com" +/// Imports a file as a large blob when there is no more than one credential for the Relying Party on the YubiKey +/// +/// .EXAMPLE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" +/// Imports a file as a large blob for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) +/// +/// .EXAMPLE +/// cd C:\CODE +/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" -Force +/// Imports a file as a large blob and overwrites any existing blob entry for that credential without prompting +/// + +using Microsoft.VisualBasic; +using Newtonsoft.Json; +using powershellYK.FIDO2; +using powershellYK.support; +using powershellYK.support.transform; +using powershellYK.support.validators; +using System.Collections.ObjectModel; +using System.Management.Automation; // Windows PowerShell namespace. 
+using System.Security; +using System.Security.Cryptography; +using Yubico.YubiKey; +using Yubico.YubiKey.Cryptography; +using Yubico.YubiKey.Fido2; +using Yubico.YubiKey.Piv; + +namespace powershellYK.Cmdlets.Fido +{ + [Cmdlet(VerbsData.Import, "YubiKeyFIDO2Blob")] + public class ImportYubikeyFIDO2BlobCmdlet : PSCmdlet + { + // Parameters for large blob import + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "File to import as large blob" + )] + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "File to import as large blob" + )] + [TransformPath] + [ValidatePath(fileMustExist: true, fileMustNotExist: false)] + public required System.IO.FileInfo LargeBlob { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Credential ID (hex or base64url string) to associate with the large blob array." + )] + public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } + + [Parameter( + Mandatory = true, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Relying party ID, or relying party display name if unique, to associate with the large blob." + )] + [Alias("RP", "Origin")] + [ValidateNotNullOrEmpty] + public string? RelyingPartyID { get; set; } + + [Parameter( + Mandatory = false, + ParameterSetName = "Set LargeBlob", + ValueFromPipeline = false, + HelpMessage = "Overwrite existing large blob entry for this credential without prompting." + )] + [Parameter( + Mandatory = false, + ParameterSetName = "Set LargeBlob by RelyingPartyID", + ValueFromPipeline = false, + HelpMessage = "Overwrite existing large blob entry for this credential without prompting." 
+ )] + public SwitchParameter Force { get; set; } + + // Initialize processing and verify requirements + protected override void BeginProcessing() + { + // Check if running as Administrator + if (Windows.IsRunningAsAdministrator() == false) + { + throw new Exception("FIDO access on Windows requires running as Administrator."); + } + + // Connect to FIDO2 if not already authenticated + if (YubiKeyModule._fido2PIN is null) + { + WriteDebug("No FIDO2 session has been authenticated, calling Connect-YubikeyFIDO2..."); + var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2"); + if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction")) + { + myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]); + } + myPowersShellInstance.Invoke(); + if (YubiKeyModule._fido2PIN is null) + { + throw new Exception("Connect-YubikeyFIDO2 failed to connect to the FIDO2 applet!"); + } + } + } + + // Process the main cmdlet logic + protected override void ProcessRecord() + { + using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!)) + { + fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate; + + switch (ParameterSetName) + { + case "Set LargeBlob": + case "Set LargeBlob by RelyingPartyID": + // Verify the YubiKey supports large blobs + if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) + { + throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); + } + WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); + + if (LargeBlob is null) + { + throw new ArgumentException("You must enter a valid file path.", nameof(LargeBlob)); + } + + // Resolve and read the input file + string resolvedPath = GetUnresolvedProviderPathFromPSPath(LargeBlob.FullName); + byte[] 
blobData; + try + { + blobData = System.IO.File.ReadAllBytes(resolvedPath); + WriteDebug($"Step 2: Input file loaded from '{LargeBlob.FullName}' ({blobData.Length} bytes)."); + } + catch (Exception ex) + { + throw new IOException($"Failed to read large blob data from file '{LargeBlob}'.", ex); + } + + // Resolve target credential and corresponding relying party. + RelyingParty? credentialRelyingParty = null; + var relyingParties = fido2Session.EnumerateRelyingParties(); + powershellYK.FIDO2.CredentialID selectedCredentialId; + if (ParameterSetName == "Set LargeBlob by RelyingPartyID") + { + if (string.IsNullOrWhiteSpace(RelyingPartyID)) + { + throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when setting a large blob by RelyingPartyID."); + } + + var matchingRps = relyingParties.Where(rpMatch => + string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || + (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) + .ToList(); + + if (matchingRps.Count == 0) + { + throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); + } + if (matchingRps.Count > 1) + { + string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); + throw new InvalidOperationException( + $"Multiple relying parties matched '{RelyingPartyID}': {rpCandidates}. 
" + + "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); + } + + credentialRelyingParty = matchingRps[0]; + try + { + var credentialsForOrigin = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); + if (credentialsForOrigin.Count == 0) + { + throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); + } + if (credentialsForOrigin.Count > 1) + { + string candidateCredentialIds = string.Join(", ", + credentialsForOrigin.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); + throw new InvalidOperationException( + $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForOrigin.Count}). " + + $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to use."); + } + + selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForOrigin[0].CredentialId; + } + catch (NotSupportedException) + { + throw new InvalidOperationException( + $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); + } + } + else + { + // Ensure a credential ID was supplied + if (CredentialId is null) + { + throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when setting a large blob."); + } + + selectedCredentialId = CredentialId.Value; + byte[] credentialIdBytes = selectedCredentialId.ToByte(); + + foreach (RelyingParty currentRp in relyingParties) + { + try + { + var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); + foreach (var credInfo in credentials) + { + if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) + { + credentialRelyingParty = currentRp; + break; + } + } + if (credentialRelyingParty is not null) + { + break; + } + } + catch (NotSupportedException) + { + // Skip relying parties 
with unsupported algorithms + continue; + } + } + + if (credentialRelyingParty is null) + { + throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); + } + } + WriteDebug($"Step 3: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); + + // Create client data hash for GetAssertion + byte[] challengeBytes = new byte[32]; + RandomNumberGenerator.Fill(challengeBytes); + var clientData = new + { + type = "webauthn.get", + origin = $"https://{credentialRelyingParty.Id}", + challenge = Convert.ToBase64String(challengeBytes) + }; + var clientDataJSON = JsonConvert.SerializeObject(clientData); + var clientDataBytes = System.Text.Encoding.UTF8.GetBytes(clientDataJSON); + var digester = CryptographyProviders.Sha256Creator(); + _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); + ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); + WriteDebug($"Step 4: Client data hash created for origin '{clientData.origin}'."); + + // Perform GetAssertion to retrieve the largeBlobKey + var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); + + // Add the credential ID to the allow list (for non-resident keys) + gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); + + // Request the largeBlobKey extension + gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); + + // Execute assertion ceremony + Console.WriteLine("Touch the YubiKey..."); + var assertions = fido2Session.GetAssertions(gaParams); + if (assertions.Count == 0) + { + throw new InvalidOperationException("GetAssertion returned no assertions."); + } + + // Retrieve the per-credential largeBlobKey + var retrievedKey = assertions[0].LargeBlobKey; + if (retrievedKey is null) + { + throw new NotSupportedException("The credential does not support large blob keys. 
The credential may need to be recreated with the largeBlobKey extension."); + } + WriteDebug($"Step 5: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); + + // Get the current serialized Large Blob array from the authenticator + var blobArray = fido2Session.GetSerializedLargeBlobArray(); + WriteDebug($"Step 6: Current large blob array loaded ({blobArray.Entries.Count} entries)."); + + // Enforce one entry per credential key by detecting existing decryptable entries. + var matchingEntryIndexes = new List(); + for (int i = 0; i < blobArray.Entries.Count; i++) + { + if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out _)) + { + matchingEntryIndexes.Add(i); + } + } + + if (matchingEntryIndexes.Count > 0) + { + string existingMsg = + $"Found {matchingEntryIndexes.Count} existing large blob entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")} " + + $"for relying party '{credentialRelyingParty.Id}'."; + WriteWarning(existingMsg); + + bool overwriteExisting = Force.IsPresent; + if (!overwriteExisting) + { + overwriteExisting = ShouldContinue( + $"{existingMsg} Overwrite existing entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")}?", + "Large blob entry already exists"); + } + + if (!overwriteExisting) + { + WriteWarning("Operation cancelled by user. 
Existing large blob entries were left unchanged."); + return; + } + + for (int i = matchingEntryIndexes.Count - 1; i >= 0; i--) + { + blobArray.RemoveEntry(matchingEntryIndexes[i]); + } + } + + WriteDebug($"Step 7: Adding blob entry ({blobData.Length} bytes)."); + // Add a new encrypted entry, binding the data to the retrieved largeBlobKey + blobArray.AddEntry(blobData, retrievedKey.Value); + + WriteDebug("Step 8: Writing updated large blob array to YubiKey..."); + // Write the updated Large Blob array back to the authenticator + fido2Session.SetSerializedLargeBlobArray(blobArray); + + WriteInformation( + $"FIDO2 large blob entry added successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", + new[] { "FIDO2", "LargeBlob" }); + break; + } + } + } + } +} diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1 index 39d000a..a82f911 100644 --- a/Module/powershellYK.psd1 +++ b/Module/powershellYK.psd1 @@ -86,6 +86,7 @@ CmdletsToExport = @( 'Export-YubiKeyFIDO2Blob', 'Get-YubiKeyFIDO2', 'Get-YubiKeyFIDO2Credential', + 'Import-YubiKeyFIDO2Blob', 'New-YubiKeyFIDO2Credential', 'Remove-YubiKeyFIDO2Credential' 'Set-YubiKeyFIDO2', From 0dac3e2be32a2de965d3c28ffe5bfc6b24a358ad Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Fri, 20 Mar 2026 01:19:47 +0100 Subject: [PATCH 09/21] Add initial pester test --- Pester/320-FIDO2Blob.tests.ps1 | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Pester/320-FIDO2Blob.tests.ps1 diff --git a/Pester/320-FIDO2Blob.tests.ps1 b/Pester/320-FIDO2Blob.tests.ps1 new file mode 100644 index 0000000..642a556 --- /dev/null +++ b/Pester/320-FIDO2Blob.tests.ps1 
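Review bot: `ImportYubikeyFIDO2BlobCmdlet` in Import-YubiKeyFIDO2Blob.cs removes existing entries and rewrites the whole large-blob array on the key, but it is declared as `[Cmdlet(VerbsData.Import, "YubiKeyFIDO2Blob")]` without `SupportsShouldProcess`, so `-WhatIf` and `-Confirm` are unavailable and the only gate is the `ShouldContinue` prompt on overwrite. Declaring `[Cmdlet(VerbsData.Import, "YubiKeyFIDO2Blob", SupportsShouldProcess = true, ConfirmImpact = ConfirmImpact.High)]` and guarding `fido2Session.SetSerializedLargeBlobArray(blobArray)` with `if (ShouldProcess(credentialRelyingParty.Id, "Write FIDO2 large blob"))` follows the usual pattern for state-changing cmdlets. The header comment also needs updating: its examples still call `Set-YubiKeyFIDO2 -LargeBlob` rather than `Import-YubiKeyFIDO2Blob`, and the line `Sends minimum PIN length to specified relying party` describes a different feature. `Console.WriteLine("Touch the YubiKey...")` bypasses the PowerShell streams, and `Host.UI.WriteLine("Touch the YubiKey...")` keeps the prompt under host control.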
@@ -0,0 +1,13 @@
+Describe "FIDO2 Blob Tests" -Tag @("FIDO2",'FIDO2Blob') {
+ BeforeAll {
+ { Connect-YubiKey } | Should -Not -Throw
+ { Connect-YubiKeyFIDO2 -PIN (ConvertTo-SecureString -String '123456' -AsPlainText -Force) } | Should -Not -Throw
+ { New-YubiKeyFIDO2Credential -RelyingPartyID 'powershellYK-FIDO2-BLOB' -Challenge ([powershellYK.FIDO2.Challenge]::FakeChallange("powershellYK")) -Discoverable:$true -Username 'powershellYKUser' -UserID 0x01 } | Should -Not -Throw
+ }
+ AfterAll {
+ Remove-YubikeyFIDO2Credential -RelayingParty 'powershellYK-FIDO2-BLOB' -Username powershellYKUser
+ }
+ It -Name "Store file in FIDO2 Blob" -Test {
+ { Import-YubiKeyFIDO2Blob -RelyingPartyID 'powershellYK-FIDO2-BLOB' -LargeBlob ".\Pester\TestData\piv_attestion_5_4_3_9a_request.req" } | Should -Not -Throw
+ }
+}
\ No newline at end of file
From b6da248a27199c1169693d2c57a923ba2f5f6b52 Mon Sep 17 00:00:00 2001
From: Oscar Virot
Date: Sun, 22 Mar 2026 13:49:51 +0100
Subject: [PATCH 10/21] Fix for lit
---
Module/Cmdlets/PIV/NewYubikeyPIVKey.cs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs b/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs
index 5019eda..e48f06b 100644
--- a/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs
+++ b/Module/Cmdlets/PIV/NewYubikeyPIVKey.cs
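Review bot: The `AfterAll` block in 320-FIDO2Blob.tests.ps1 calls `Remove-YubikeyFIDO2Credential -RelayingParty 'powershellYK-FIDO2-BLOB'`, whereas every other call in this series spells the parameter `-RelyingPartyID`. Unless the cmdlet defines `RelayingParty` as an alias, binding fails and the test credential stays on the key. The single `It` only asserts that the import does not throw, so a blob stored incorrectly would still pass. A round trip would pin the behaviour: `Export-YubiKeyFIDO2Blob -RelyingPartyID 'powershellYK-FIDO2-BLOB' -OutFile $out` followed by `(Get-FileHash $out).Hash | Should -Be (Get-FileHash $src).Hash`. The hard-coded PIN `'123456'` is worth a comment naming it a dedicated test-key value, since running the suite against a key with a different PIN consumes PIN retries.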
@@ -60,7 +60,7 @@ public object GetDynamicParameters() if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa2048)) { availableAlgorithms.Add("Rsa2048"); } if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa3072)) { availableAlgorithms.Add("Rsa3072"); } if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivRsa4096)) { availableAlgorithms.Add("Rsa4096"); } - + // Check for supported ECC algorithms if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP256)) { availableAlgorithms.Add("EcP256"); } if (((YubiKeyDevice)YubiKeyModule._yubikey!).HasFeature(YubiKeyFeature.PivEccP384)) { availableAlgorithms.Add("EcP384"); } From d3f8df5d14680d473a18cc8aa9e5cfef16654842 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 13:53:42 +0100 Subject: [PATCH 11/21] Unknown changes by lint Removed some unused using --- Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs | 2 +- Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs index 72b903a..1d85dbf 100644 --- a/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs +++ b/Module/Cmdlets/FIDO2/ExportYubiKeyFIDO2Blob.cs @@ -299,7 +299,7 @@ protected override void ProcessRecord() { throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); } - + WriteInformation( $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", new[] { "FIDO2", "LargeBlob" }); diff --git a/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs b/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs index 2d83350..97eae12 100644 --- a/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs +++ b/Module/Cmdlets/FIDO2/Import-YubiKeyFIDO2Blob.cs 
@@ -24,14 +24,12 @@ using powershellYK.support; using powershellYK.support.transform; using powershellYK.support.validators; -using System.Collections.ObjectModel; using System.Management.Automation; // Windows PowerShell namespace. using System.Security; using System.Security.Cryptography; using Yubico.YubiKey; using Yubico.YubiKey.Cryptography; using Yubico.YubiKey.Fido2; -using Yubico.YubiKey.Piv; namespace powershellYK.Cmdlets.Fido { @@ -110,7 +108,7 @@ protected override void BeginProcessing() { throw new Exception("Connect-YubikeyFIDO2 failed to connect to the FIDO2 applet!"); } - } + } } // Process the main cmdlet logic From 0e8a5bc5bb341ff525a6a781fd12f9d8c522cbaa Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 13:55:42 +0100 Subject: [PATCH 12/21] Delete powershellYK_loader/loader.cs --- powershellYK_loader/loader.cs | 76 ----------------------------------- 1 file changed, 76 deletions(-) delete mode 100644 powershellYK_loader/loader.cs diff --git a/powershellYK_loader/loader.cs b/powershellYK_loader/loader.cs deleted file mode 100644 index 3154bae..0000000 --- a/powershellYK_loader/loader.cs +++ /dev/null 
@@ -1,76 +0,0 @@ -// taken from https://github.com/PalmEmanuel/Isol8/blob/main/Source/Assets/ModuleIsolation.cs - -using System.Reflection; -using System.Management.Automation; -using System.Runtime.Loader; -using System.IO; - -namespace powershellYK_loader -{ - - // Implement interfaces for interacting with loading logic of PowerShell - public abstract class ModuleInitializer : IModuleAssemblyInitializer, IModuleAssemblyCleanup - { - // Create a new custom ALC and provide the directory - private static Isol8AssemblyLoadContext alc; - public ModuleInitializer(string assemblyName) - { - ModuleName = assemblyName; - alc = new Isol8AssemblyLoadContext(dependencyDirectory, assemblyName); - } - - // Runs when Import-Module is run on our module, but in this case also when referred to in NestedModules - public void OnImport() => AssemblyLoadContext.Default.Resolving += ResolveAssembly; - // Runs when user runs Remove-Module on our module - public void OnRemove(PSModuleInfo psModuleInfo) => AssemblyLoadContext.Default.Resolving -= ResolveAssembly; - - // Name of initializer assembly - public static string ModuleName { get; set; } - // Get directory of this assembly, and use that directory to load dependencies from - private static readonly string dependencyDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location); - - // Resolve assembly by name if it's the Isol8 dll being loaded by the default ALC - // We know it's the default ALC because of OnImport above - public static Assembly? ResolveAssembly(AssemblyLoadContext defaultAlc, AssemblyName assemblyName) - { - return assemblyName.Name == ModuleName ? 
- alc.LoadFromAssemblyName(assemblyName) : - null; - } - } - - // We create our own ALC by inheriting from AssemblyLoadContext and overriding the Load() method - // We can also change the constructor to take a path which we load from, which we do here - public class Isol8AssemblyLoadContext : AssemblyLoadContext - { - // The path which we try to load the assemblies from - private readonly string dependencyDirectory; - - // We can call the base constructor to set a name for the ALC - // There are more options such as marking our ALC as collectible to enable unloading it, but that doesn't work with PowerShell - public Isol8AssemblyLoadContext(string path, string moduleName) : base(moduleName) - { - dependencyDirectory = path; - } - - // Override the Load() method and try to load the module as a DLL file in the provided directory if it exists - protected override Assembly Load(AssemblyName assemblyName) - { - var assemblyPath = Path.Join(dependencyDirectory, $"{assemblyName.Name}.dll"); - - // If it exists we can load it from the path - if (File.Exists(assemblyPath)) - { - return LoadFromAssemblyPath(assemblyPath); - } - - // Returning null once more lets the loader know that we didn't load the module, and lets it try something else - return null; - } - - } - public class powershellYKModuleInitializer : ModuleInitializer - { - public powershellYKModuleInitializer() : base("powershellYK") { } - } -} From ef1d46118b8ddcf7b23a0a6e6f779fc3b71b6f67 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 13:56:55 +0100 Subject: [PATCH 13/21] Enhance dotnet format command and remove loader build Updated the dotnet format command to include verbosity option and removed the build step for the loader. --- .github/workflows/main.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 00b04b7..0e279c0 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
@@ -26,7 +26,7 @@ jobs: dotnet-version: '8.x.x' # Specify the .NET version you're using - name: Run dotnet format - run: dotnet format --no-restore Module/powershellYK.csproj + run: dotnet format --no-restore --verbosity normal Module/powershellYK.csproj continue-on-error: false - name: Check for uncommitted changes @@ -61,9 +61,6 @@ jobs: - name: Install dependencies run: dotnet restore - - name: Build loader - run: dotnet build --no-restore -c Release powershellYK_loader/powershellYK_loader.csproj --output release - - name: Build run: dotnet build --no-restore -c Release Module/powershellYK.csproj From a4cd0157912938e71ceb458a0e35ba49d6672606 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:01:19 +0100 Subject: [PATCH 14/21] Update module import paths in Pester tests --- .github/workflows/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 0e279c0..d04ad0d 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -88,7 +88,7 @@ jobs: shell: pwsh run: | # Import the module from the downloaded build output - Import-Module .\release\powershellYK.psd1 + Import-Module .\powershellYK.psd1 # Run Pester tests Invoke-Pester -Tag "Without-Yubikey" -Output Detailed @@ -111,7 +111,7 @@ jobs: shell: pwsh run: | # Import the module from the downloaded build output - Import-Module ./release/powershellYK.psd1 + Import-Module ./powershellYK.psd1 # Run Pester tests Invoke-Pester -Tag "Without-Yubikey" -Output Detailed From cbaf51895a6bbf55894877dcb8072b9b824c8a9d Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:44:16 +0100 Subject: [PATCH 15/21] Delete powershellYK_loader/powershellYK_loader.csproj --- powershellYK_loader/powershellYK_loader.csproj | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 powershellYK_loader/powershellYK_loader.csproj 
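Review bot: The "Run dotnet format" step still rewrites files in place and exits 0 when it does so, which means `continue-on-error: false` on this step does not gate anything and the job depends entirely on the following "Check for uncommitted changes" step, whose body is outside this hunk. Since the command line is being edited anyway, I would let the step fail on its own: `run: dotnet format --no-restore --verify-no-changes --verbosity normal Module/powershellYK.csproj`. The added `--verbosity normal` then shows in the log which files were out of format.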
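Review bot: Both Pester steps now import the manifest through a bare relative path (`.\powershellYK.psd1` in one, `./powershellYK.psd1` in the other), while the comment above each line still says the module comes from the downloaded build output. Which copy gets tested depends on where the artifact download step unpacks, and that step is not visible in these hunks. Because `/powershellYK.psd1` is listed in `.gitignore`, a plain checkout would presumably not contain that file at all, and PATCH 19/21 later switches the same two lines back to `release`. I would resolve the location once and fail early if it is missing, for example `Import-Module (Join-Path $env:GITHUB_WORKSPACE 'powershellYK.psd1') -ErrorAction Stop`, using the same form in both steps so the tests always exercise the artifact that was built.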
diff --git a/powershellYK_loader/powershellYK_loader.csproj b/powershellYK_loader/powershellYK_loader.csproj deleted file mode 100644 index 2ab749e..0000000 --- a/powershellYK_loader/powershellYK_loader.csproj +++ /dev/null @@ -1,14 +0,0 @@ - - - - net8.0 - enable - enable - - - - - - - - From cd247861ad8aef65373c6238ea9fc12ae6b4b328 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:45:09 +0100 Subject: [PATCH 16/21] Remove powershellYK_loader project from solution Removed the powershellYK_loader project from the solution. --- powershellYK.sln | 2 -- 1 file changed, 2 deletions(-) diff --git a/powershellYK.sln b/powershellYK.sln index 1a151a5..a32a039 100644 --- a/powershellYK.sln +++ b/powershellYK.sln @@ -5,8 +5,6 @@ VisualStudioVersion = 17.9.34728.123 MinimumVisualStudioVersion = 10.0.40219.1 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "powershellYK", "Module\powershellYK.csproj", "{31A0A7CD-FE21-417D-9F8A-6F8E31915D10}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "powershellYK_loader", "powershellYK_loader\powershellYK_loader.csproj", "{176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}" -EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU From 59ed2c4075aba5ef0776a75dbb719c03d6feb66c Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:45:30 +0100 Subject: [PATCH 17/21] Remove Debug configurations from solution file Removed Debug configuration settings for a project. --- powershellYK.sln | 8 -------- 1 file changed, 8 deletions(-) diff --git a/powershellYK.sln b/powershellYK.sln index a32a039..d73954f 100644 --- a/powershellYK.sln +++ b/powershellYK.sln 
@@ -21,14 +21,6 @@ Global {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|Any CPU.Build.0 = Release|Any CPU {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|x64.ActiveCfg = Release|x64 {31A0A7CD-FE21-417D-9F8A-6F8E31915D10}.Release|x64.Build.0 = Release|x64 - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|Any CPU.Build.0 = Debug|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|x64.ActiveCfg = Debug|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Debug|x64.Build.0 = Debug|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|Any CPU.ActiveCfg = Release|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|Any CPU.Build.0 = Release|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|x64.ActiveCfg = Release|Any CPU - {176C5EF1-D4B4-240F-5F1D-C9BB90BC13D2}.Release|x64.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE From 35dac3db173b8dfa01befd0a3fb1976411513ce2 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:46:07 +0100 Subject: [PATCH 18/21] Remove specific PowerShell scripts from .gitignore Remove PowerShell scripts from .gitignore --- .gitignore | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7c8115e..f4afde3 100644 --- a/.gitignore +++ b/.gitignore @@ -364,5 +364,3 @@ FodyWeavers.xsd /.vscode/launch.json /powershellYK.psd1 /.cursorrules -/Docs/Cookbook/Set-BIO-random-PIN.ps1 -/Docs/Cookbook/Enroll-FIDO2-On-Behalf-Of-Mock-IdP.ps1 From 484ffefdc608bf5e867ad02defd9a2908737b58f Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 14:47:23 +0100 Subject: [PATCH 19/21] Update module import paths in Pester tests --- .github/workflows/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index d04ad0d..0e279c0 100644 --- a/.github/workflows/main.yaml 
+++ b/.github/workflows/main.yaml @@ -88,7 +88,7 @@ jobs: shell: pwsh run: | # Import the module from the downloaded build output - Import-Module .\powershellYK.psd1 + Import-Module .\release\powershellYK.psd1 # Run Pester tests Invoke-Pester -Tag "Without-Yubikey" -Output Detailed @@ -111,7 +111,7 @@ jobs: shell: pwsh run: | # Import the module from the downloaded build output - Import-Module ./powershellYK.psd1 + Import-Module ./release/powershellYK.psd1 # Run Pester tests Invoke-Pester -Tag "Without-Yubikey" -Output Detailed From bff54babc908f6025c24b3a4822a982bc0509efb Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 22:01:08 +0100 Subject: [PATCH 20/21] Revert Get|Set-YubiKeyFIDO2 Fix Pester tests --- Module/powershellYK.psd1 | 2 +- build.ps1 | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1 index caa1cef..de1641d 100644 --- a/Module/powershellYK.psd1 +++ b/Module/powershellYK.psd1 @@ -66,7 +66,7 @@ PowerShellVersion = '7.0' # FormatsToProcess = @('powershellYK.format.ps1xml') # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -NestedModules = @('') +# NestedModules = @('') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. # FunctionsToExport = @() diff --git a/build.ps1 b/build.ps1 index f4a70dd..1dbcef5 100644 --- a/build.ps1 +++ b/build.ps1 
@@ -4,11 +4,7 @@ if (Test-Path 'release') { $Directory = New-Item -Type Directory 'release' dotnet publish module --nologo --framework 'net8.0' --output "$($Directory.fullname)" -dotnet publish powershellYK_loader --nologo --framework 'net8.0' --output "$($Directory.fullname)\loader" - -Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.dll" "$($Directory.fullname)" #Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.pdb" "$($Directory.fullname)\module" -Remove-Item -Recurse "$($Directory.fullname)\loader" #Move-Item "$($Directory.fullname)\module\powershellYK.psd1" "$($Directory.fullname)" #Move-Item "$($Directory.fullname)\module\powershellYK.format.ps1xml" "$($Directory.fullname)" From 0a14f90e51ee5587b3e13e785c57328f91027524 Mon Sep 17 00:00:00 2001 From: Oscar Virot Date: Sun, 22 Mar 2026 22:01:08 +0100 Subject: [PATCH 21/21] FRevert Get|Set-YubiKeyFIDO2 Fix Pester tests --- Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs | 294 +----------------- Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs | 284 +---------------- Module/powershellYK.psd1 | 2 +- Pester/290-Confirm-YubikeyAttestion.tests.ps1 | 30 +- ...-Confirm-YubiKeyFIDO2Attestation.tests.ps1 | 10 +- build.ps1 | 4 - 6 files changed, 27 insertions(+), 597 deletions(-) diff --git a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs index a04922d..d089dc1 100644 --- a/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/GetYubikeyFIDO2.cs 
@@ -10,14 +10,6 @@ /// .EXAMPLE /// Get-YubiKeyFIDO2 | Format-List /// Returns detailed FIDO2 information in a list format -/// -/// .EXAMPLE -/// Get-YubiKeyFIDO2 -LargeBlob -OutFile fileName.txt -RelyingPartyID "demo.yubico.com" -/// Exports a large blob to file when there is no more than one credential for the Relying Party on the YubiKey -/// -/// .EXAMPLE -/// Get-YubiKeyFIDO2 -LargeBlob -OutFile fileName.txt -CredentialId "19448fe...67ab9207071e" -/// Exports a large blob to file for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) /// // Imports 
@@ -26,64 +18,12 @@ using Yubico.YubiKey.Fido2; using powershellYK.FIDO2; using powershellYK.support; -using Yubico.YubiKey.Cryptography; -using System.Security.Cryptography; -using Newtonsoft.Json; -using powershellYK.support.validators; namespace powershellYK.Cmdlets.Fido { - [Cmdlet(VerbsCommon.Get, "YubiKeyFIDO2", DefaultParameterSetName = "GetInfo")] + [Cmdlet(VerbsCommon.Get, "YubiKeyFIDO2")] public class GetYubikeyFIDO2Cmdlet : PSCmdlet { - // Parameters for large blob export - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob", - ValueFromPipeline = false, - HelpMessage = "Export large blob for the specified credential" - )] - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "Export large blob for the specified relying party" - )] - public SwitchParameter LargeBlob { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob", - ValueFromPipeline = false, - HelpMessage = "Credential ID (hex or base64url string) to export large blob for." - )] - public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "Relying Party ID (Origin), or relying party display name if unique, to export large blob for." - )] - [Alias("RP", "Origin")] - [ValidateNotNullOrEmpty] - public string? RelyingPartyID { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob", - ValueFromPipeline = false, - HelpMessage = "Output file path for the exported large blob" - )] - [Parameter( - Mandatory = true, - ParameterSetName = "Export LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "Output file path for the exported large blob" - )] - [ValidatePath(fileMustExist: false, fileMustNotExist: true)] - public System.IO.FileInfo? 
OutFile { get; set; } - // Initialize processing and verify requirements protected override void BeginProcessing() { @@ -100,25 +40,6 @@ protected override void BeginProcessing() WriteDebug($"Successfully connected"); } - // Connect to FIDO2 if exporting large blob - if (ParameterSetName == "Export LargeBlob" || ParameterSetName == "Export LargeBlob by RelyingPartyID") - { - if (YubiKeyModule._fido2PIN is null) - { - WriteDebug("No FIDO2 session has been authenticated, calling Connect-YubikeyFIDO2..."); - var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2"); - if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction")) - { - myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]); - } - myPowersShellInstance.Invoke(); - if (YubiKeyModule._fido2PIN is null) - { - throw new Exception("Connect-YubikeyFIDO2 failed to connect to the FIDO2 applet!"); - } - } - } - // Check if running as Administrator if (Windows.IsRunningAsAdministrator() == false) { 
@@ -131,215 +52,10 @@ protected override void ProcessRecord() { using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!)) { - if (ParameterSetName == "Export LargeBlob" || ParameterSetName == "Export LargeBlob by RelyingPartyID") - { - fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate; - - // Verify the YubiKey supports large blobs - if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) - { - throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); - } - WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); - - if (OutFile is null) - { - throw new ArgumentException("You must enter a valid output file path.", nameof(OutFile)); - } - - // Resolve target credential and corresponding relying party. - RelyingParty? credentialRelyingParty = null; - var relyingParties = fido2Session.EnumerateRelyingParties(); - powershellYK.FIDO2.CredentialID selectedCredentialId; - if (ParameterSetName == "Export LargeBlob by RelyingPartyID") - { - if (string.IsNullOrWhiteSpace(RelyingPartyID)) - { - throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when exporting a large blob by RelyingPartyID."); - } - - var matchingRps = relyingParties.Where(rpMatch => - string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || - (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) - .ToList(); - - if (matchingRps.Count == 0) - { - throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); - } - if (matchingRps.Count > 1) - { - string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); - throw new InvalidOperationException( - $"Multiple relying parties matched '{RelyingPartyID}': 
{rpCandidates}. " + - "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); - } - - credentialRelyingParty = matchingRps[0]; - try - { - var credentialsForRp = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); - if (credentialsForRp.Count == 0) - { - throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); - } - if (credentialsForRp.Count > 1) - { - string candidateCredentialIds = string.Join(", ", - credentialsForRp.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); - throw new InvalidOperationException( - $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForRp.Count}). " + - $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to export."); - } - - selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForRp[0].CredentialId; - } - catch (NotSupportedException) - { - throw new InvalidOperationException( - $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); - } - } - else - { - // Ensure a credential ID was supplied - if (CredentialId is null) - { - throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when exporting a large blob."); - } - - selectedCredentialId = CredentialId.Value; - byte[] credentialIdBytes = selectedCredentialId.ToByte(); - - foreach (RelyingParty currentRp in relyingParties) - { - try - { - var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); - foreach (var credInfo in credentials) - { - if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) - { - credentialRelyingParty = currentRp; - break; - } - } - if (credentialRelyingParty is not null) - { - break; - } - } - catch (NotSupportedException) - { - // Skip relying parties 
with unsupported algorithms - continue; - } - } - - if (credentialRelyingParty is null) - { - throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); - } - } - WriteDebug($"Step 2: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); - - // Create client data hash for GetAssertion - byte[] challengeBytes = new byte[32]; - RandomNumberGenerator.Fill(challengeBytes); - var clientData = new - { - type = "webauthn.get", - origin = $"https://{credentialRelyingParty.Id}", - challenge = Convert.ToBase64String(challengeBytes) - }; - var clientDataJSON = JsonConvert.SerializeObject(clientData); - var clientDataBytes = System.Text.Encoding.UTF8.GetBytes(clientDataJSON); - var digester = CryptographyProviders.Sha256Creator(); - _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); - ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); - WriteDebug($"Step 3: Client data hash created for origin '{clientData.origin}'."); - - // Perform GetAssertion to retrieve the largeBlobKey - var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); - - // Add the credential ID to the allow list (for non-resident keys) - gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); - - // Request the largeBlobKey extension - gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); - - // Execute assertion ceremony - Console.WriteLine("Touch the YubiKey..."); - var assertions = fido2Session.GetAssertions(gaParams); - if (assertions.Count == 0) - { - throw new InvalidOperationException("GetAssertion returned no assertions."); - } - - // Retrieve the per-credential largeBlobKey - var retrievedKey = assertions[0].LargeBlobKey; - if (retrievedKey is null) - { - throw new NotSupportedException("The credential does not support large blob keys. 
The credential may need to be recreated with the largeBlobKey extension."); - } - WriteDebug($"Step 4: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); - - // Get the current serialized Large Blob array from the authenticator - var blobArray = fido2Session.GetSerializedLargeBlobArray(); - WriteDebug($"Step 5: Current large blob array loaded ({blobArray.Entries.Count} entries)."); - - byte[]? blobData = null; - int matchingEntryCount = 0; - int selectedEntryIndex = -1; - - // Iterate entries and decrypt with this credential's largeBlobKey. - // If multiple entries match, pick the newest (highest index). - for (int i = 0; i < blobArray.Entries.Count; i++) - { - if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out Memory decrypted)) - { - matchingEntryCount++; - blobData = decrypted.ToArray(); - selectedEntryIndex = i; - } - } - - if (matchingEntryCount == 0 || blobData is null) - { - throw new InvalidOperationException($"No large blob entry found for credential '{selectedCredentialId}'."); - } - if (matchingEntryCount > 1) - { - WriteWarning( - $"Found {matchingEntryCount} large blob entries for credential '{selectedCredentialId}'. " + - $"Using newest entry at index {selectedEntryIndex}. 
" + - "Use Set-YubiKeyFIDO2 -LargeBlob and choose overwrite to compact to a single entry."); - } - WriteDebug($"Step 6: Blob entry selected from index {selectedEntryIndex} ({blobData.Length} bytes)."); - - WriteDebug($"Step 7: Writing blob data to '{OutFile.FullName}'."); - // Write the blob data to the output file - string resolvedPath = GetUnresolvedProviderPathFromPSPath(OutFile.FullName); - try - { - System.IO.File.WriteAllBytes(resolvedPath, blobData); - } - catch (Exception ex) - { - throw new IOException($"Failed to write large blob data to file '{OutFile}'.", ex); - } - - WriteInformation( - $"FIDO2 large blob exported successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", - new[] { "FIDO2", "LargeBlob" }); - } - else - { - // Get and output FIDO2 authenticator information - AuthenticatorInfo info = fido2Session.AuthenticatorInfo; - WriteObject(new Information(info)); - } + // Get and output FIDO2 authenticator information + AuthenticatorInfo info = fido2Session.AuthenticatorInfo; + WriteObject(new Information(info)); } } } -} +} \ No newline at end of file diff --git a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs index 7dffddc..f763961 100644 --- a/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs +++ b/Module/Cmdlets/FIDO2/SetYubikeyFIDO2.cs 
@@ -19,19 +19,6 @@ /// .EXAMPLE /// Set-YubiKeyFIDO2 -MinimumPINRelyingParty "example.com" /// Sends minimum PIN length to specified relying party -/// -/// .EXAMPLE -/// Set-YubiKeyFIDO2 -LargeBlob test.txt -RelyingPartyID "demo.yubico.com" -/// Imports a file as a large blob when there is no more than one credential for the Relying Party on the YubiKey -/// -/// .EXAMPLE -/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" -/// Imports a file as a large blob for a specified FIDO2 Credential by ID (handles multiple entries for the same Relying Party) -/// -/// .EXAMPLE -/// cd C:\CODE -/// Set-YubiKeyFIDO2 -LargeBlob test.txt -CredentialId "19448fe...67ab9207071e" -Force -/// Imports a file as a large blob and overwrites any existing blob entry for that credential without prompting /// using System.Management.Automation; // Windows PowerShell namespace. @@ -44,9 +31,6 @@ using System.Collections.ObjectModel; using Yubico.YubiKey.Piv; using Microsoft.VisualBasic; -using Yubico.YubiKey.Cryptography; -using System.Security.Cryptography; -using Newtonsoft.Json; namespace powershellYK.Cmdlets.Fido { 
@@ -68,54 +52,6 @@ public class SetYubikeyFIDO2Cmdlet : PSCmdlet, IDynamicParameters [Parameter(Mandatory = true, ParameterSetName = "Send MinimumPIN to RelyingParty", ValueFromPipeline = false, HelpMessage = "To which RelyingParty should minimum PIN be sent")] public string? MinimumPINRelyingParty { get; set; } - // Parameters for large blob import - [Parameter( - Mandatory = true, - ParameterSetName = "Set LargeBlob", - ValueFromPipeline = false, - HelpMessage = "File to import as large blob" - )] - [Parameter( - Mandatory = true, - ParameterSetName = "Set LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "File to import as large blob" - )] - [ValidatePath(fileMustExist: true, fileMustNotExist: false)] - public System.IO.FileInfo? LargeBlob { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = "Set LargeBlob", - ValueFromPipeline = false, - HelpMessage = "Credential ID (hex or base64url string) to associate with the large blob array." - )] - public powershellYK.FIDO2.CredentialID? CredentialId { get; set; } - - [Parameter( - Mandatory = true, - ParameterSetName = "Set LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "Relying party ID, or relying party display name if unique, to associate with the large blob." - )] - [Alias("RP", "Origin")] - [ValidateNotNullOrEmpty] - public string? RelyingPartyID { get; set; } - - [Parameter( - Mandatory = false, - ParameterSetName = "Set LargeBlob", - ValueFromPipeline = false, - HelpMessage = "Overwrite existing large blob entry for this credential without prompting." - )] - [Parameter( - Mandatory = false, - ParameterSetName = "Set LargeBlob by RelyingPartyID", - ValueFromPipeline = false, - HelpMessage = "Overwrite existing large blob entry for this credential without prompting." - )] - public SwitchParameter Force { get; set; } - // Get dynamic parameters based on YubiKey state public object GetDynamicParameters() { 
@@ -313,226 +249,8 @@ protected override void ProcessRecord() throw new Exception("Failed to set RelyingParty that will be sent Minimum PIN length."); } break; - - case "Set LargeBlob": - case "Set LargeBlob by RelyingPartyID": - // Verify the YubiKey supports large blobs - if (fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray is null) - { - throw new NotSupportedException("This YubiKey does not support FIDO2 large blobs."); - } - WriteDebug($"Step 1: Large blob support verified (max {fido2Session.AuthenticatorInfo.MaximumSerializedLargeBlobArray.Value} bytes)."); - - if (LargeBlob is null) - { - throw new ArgumentException("You must enter a valid file path.", nameof(LargeBlob)); - } - - // Resolve and read the input file - string resolvedPath = GetUnresolvedProviderPathFromPSPath(LargeBlob.FullName); - byte[] blobData; - try - { - blobData = System.IO.File.ReadAllBytes(resolvedPath); - WriteDebug($"Step 2: Input file loaded from '{LargeBlob.FullName}' ({blobData.Length} bytes)."); - } - catch (Exception ex) - { - throw new IOException($"Failed to read large blob data from file '{LargeBlob}'.", ex); - } - - // Resolve target credential and corresponding relying party. - RelyingParty? 
credentialRelyingParty = null; - var relyingParties = fido2Session.EnumerateRelyingParties(); - powershellYK.FIDO2.CredentialID selectedCredentialId; - if (ParameterSetName == "Set LargeBlob by RelyingPartyID") - { - if (string.IsNullOrWhiteSpace(RelyingPartyID)) - { - throw new ArgumentNullException(nameof(RelyingPartyID), "A relying party ID/name must be provided when setting a large blob by RelyingPartyID."); - } - - var matchingRps = relyingParties.Where(rpMatch => - string.Equals(rpMatch.Id, RelyingPartyID, StringComparison.OrdinalIgnoreCase) || - (!string.IsNullOrWhiteSpace(rpMatch.Name) && string.Equals(rpMatch.Name, RelyingPartyID, StringComparison.OrdinalIgnoreCase))) - .ToList(); - - if (matchingRps.Count == 0) - { - throw new ArgumentException($"No relying party found matching '{RelyingPartyID}' on this YubiKey.", nameof(RelyingPartyID)); - } - if (matchingRps.Count > 1) - { - string rpCandidates = string.Join(", ", matchingRps.Select(rpMatch => $"'{rpMatch.Id}'")); - throw new InvalidOperationException( - $"Multiple relying parties matched '{RelyingPartyID}': {rpCandidates}. " + - "Use a specific RP ID with -RelyingPartyID, or specify -CredentialId directly."); - } - - credentialRelyingParty = matchingRps[0]; - try - { - var credentialsForOrigin = fido2Session.EnumerateCredentialsForRelyingParty(credentialRelyingParty); - if (credentialsForOrigin.Count == 0) - { - throw new InvalidOperationException($"No credentials found for relying party '{credentialRelyingParty.Id}'."); - } - if (credentialsForOrigin.Count > 1) - { - string candidateCredentialIds = string.Join(", ", - credentialsForOrigin.Select(c => Convert.ToHexString(c.CredentialId.Id.ToArray()).ToLowerInvariant())); - throw new InvalidOperationException( - $"Relying party '{credentialRelyingParty.Id}' has multiple credentials ({credentialsForOrigin.Count}). 
" + - $"Use Get-YubiKeyFIDO2Credential -RelyingPartyID {credentialRelyingParty.Id} to list credentials, then use -CredentialId to choose which credential to use."); - } - - selectedCredentialId = (powershellYK.FIDO2.CredentialID)credentialsForOrigin[0].CredentialId; - } - catch (NotSupportedException) - { - throw new InvalidOperationException( - $"Unable to enumerate credentials for relying party '{credentialRelyingParty.Id}' due to unsupported algorithm."); - } - } - else - { - // Ensure a credential ID was supplied - if (CredentialId is null) - { - throw new ArgumentNullException(nameof(CredentialId), "A FIDO2 credential ID must be provided when setting a large blob."); - } - - selectedCredentialId = CredentialId.Value; - byte[] credentialIdBytes = selectedCredentialId.ToByte(); - - foreach (RelyingParty currentRp in relyingParties) - { - try - { - var credentials = fido2Session.EnumerateCredentialsForRelyingParty(currentRp); - foreach (var credInfo in credentials) - { - if (credInfo.CredentialId.Id.ToArray().SequenceEqual(credentialIdBytes)) - { - credentialRelyingParty = currentRp; - break; - } - } - if (credentialRelyingParty is not null) - { - break; - } - } - catch (NotSupportedException) - { - // Skip relying parties with unsupported algorithms - continue; - } - } - - if (credentialRelyingParty is null) - { - throw new ArgumentException($"Credential with ID '{selectedCredentialId}' not found on this YubiKey.", nameof(CredentialId)); - } - } - WriteDebug($"Step 3: Target resolved to RP '{credentialRelyingParty.Id}' and credential '{selectedCredentialId}'."); - - // Create client data hash for GetAssertion - byte[] challengeBytes = new byte[32]; - RandomNumberGenerator.Fill(challengeBytes); - var clientData = new - { - type = "webauthn.get", - origin = $"https://{credentialRelyingParty.Id}", - challenge = Convert.ToBase64String(challengeBytes) - }; - var clientDataJSON = JsonConvert.SerializeObject(clientData); - var clientDataBytes = 
System.Text.Encoding.UTF8.GetBytes(clientDataJSON); - var digester = CryptographyProviders.Sha256Creator(); - _ = digester.TransformFinalBlock(clientDataBytes, 0, clientDataBytes.Length); - ReadOnlyMemory clientDataHash = digester.Hash!.AsMemory(); - WriteDebug($"Step 4: Client data hash created for origin '{clientData.origin}'."); - - // Perform GetAssertion to retrieve the largeBlobKey - var gaParams = new GetAssertionParameters(credentialRelyingParty, clientDataHash); - - // Add the credential ID to the allow list (for non-resident keys) - gaParams.AllowCredential(selectedCredentialId.ToYubicoFIDO2CredentialID()); - - // Request the largeBlobKey extension - gaParams.AddExtension(Extensions.LargeBlobKey, new byte[] { 0xF5 }); - - // Execute assertion ceremony - Console.WriteLine("Touch the YubiKey..."); - var assertions = fido2Session.GetAssertions(gaParams); - if (assertions.Count == 0) - { - throw new InvalidOperationException("GetAssertion returned no assertions."); - } - - // Retrieve the per-credential largeBlobKey - var retrievedKey = assertions[0].LargeBlobKey; - if (retrievedKey is null) - { - throw new NotSupportedException("The credential does not support large blob keys. The credential may need to be recreated with the largeBlobKey extension."); - } - WriteDebug($"Step 5: Assertion completed and largeBlobKey retrieved ({assertions.Count} assertion(s))."); - - // Get the current serialized Large Blob array from the authenticator - var blobArray = fido2Session.GetSerializedLargeBlobArray(); - WriteDebug($"Step 6: Current large blob array loaded ({blobArray.Entries.Count} entries)."); - - // Enforce one entry per credential key by detecting existing decryptable entries. 
- var matchingEntryIndexes = new List(); - for (int i = 0; i < blobArray.Entries.Count; i++) - { - if (blobArray.Entries[i].TryDecrypt(retrievedKey.Value, out _)) - { - matchingEntryIndexes.Add(i); - } - } - - if (matchingEntryIndexes.Count > 0) - { - string existingMsg = - $"Found {matchingEntryIndexes.Count} existing large blob entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")} " + - $"for relying party '{credentialRelyingParty.Id}'."; - WriteWarning(existingMsg); - - bool overwriteExisting = Force.IsPresent; - if (!overwriteExisting) - { - overwriteExisting = ShouldContinue( - $"{existingMsg} Overwrite existing entr{(matchingEntryIndexes.Count == 1 ? "y" : "ies")}?", - "Large blob entry already exists"); - } - - if (!overwriteExisting) - { - WriteWarning("Operation cancelled by user. Existing large blob entries were left unchanged."); - return; - } - - for (int i = matchingEntryIndexes.Count - 1; i >= 0; i--) - { - blobArray.RemoveEntry(matchingEntryIndexes[i]); - } - } - - WriteDebug($"Step 7: Adding blob entry ({blobData.Length} bytes)."); - // Add a new encrypted entry, binding the data to the retrieved largeBlobKey - blobArray.AddEntry(blobData, retrievedKey.Value); - - WriteDebug("Step 8: Writing updated large blob array to YubiKey..."); - // Write the updated Large Blob array back to the authenticator - fido2Session.SetSerializedLargeBlobArray(blobArray); - - WriteInformation( - $"FIDO2 large blob entry added successfully for Relying Party (Origin): '{credentialRelyingParty.Id}'.", - new[] { "FIDO2", "LargeBlob" }); - break; } } } } -} +} \ No newline at end of file diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1 index caa1cef..de1641d 100644 --- a/Module/powershellYK.psd1 +++ b/Module/powershellYK.psd1 
@@ -66,7 +66,7 @@ PowerShellVersion = '7.0' # FormatsToProcess = @('powershellYK.format.ps1xml') # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess -NestedModules = @('') +# NestedModules = @('') # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. # FunctionsToExport = @() diff --git a/Pester/290-Confirm-YubikeyAttestion.tests.ps1 b/Pester/290-Confirm-YubikeyAttestion.tests.ps1 index 526cfbf..13f7fa8 100644 --- a/Pester/290-Confirm-YubikeyAttestion.tests.ps1 +++ b/Pester/290-Confirm-YubikeyAttestion.tests.ps1 @@ -49,12 +49,12 @@ $pest_input = [byte[]](0x30, 0x82, 0x6, 0xEC, 0x30, 0x82, 0x6, 0x72, 0x2, 0x1, 0 } -Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates CSPN" -Tag 'Dry' { +Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates CSPN" -Tag 'Without-YubiKey' { BeforeEach -Scriptblock { } It -Name "Verify Files" -Test { - $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot\TestData\piv_attestion_cspn_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot\TestData\piv_attestion_cspn_intermediatecertificate.cer" + $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot/TestData/piv_attestion_cspn_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot/TestData/piv_attestion_cspn_intermediatecertificate.cer" $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a $pest_return.isFIPSSeries | Should -BeFalse 
@@ -64,12 +64,12 @@ Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates CSPN" } } -Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates FIPS" -Tag 'Dry' { +Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates FIPS" -Tag 'Without-YubiKey' { BeforeEach -Scriptblock { } It -Name "Verify '-AttestationCertificate _x509_ -IntermediateCertificate _x509_' works" -Test { - $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot\TestData\piv_attestion_fips_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot\TestData\piv_attestion_fips_intermediatecertificate.cer" + $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot/TestData/piv_attestion_fips_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot/TestData/piv_attestion_fips_intermediatecertificate.cer" $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a $pest_return.isFIPSSeries | Should -BeTrue 
@@ -79,13 +79,13 @@ Describe "Confirm-YubikeyAttestation Attestation/Intermediate Certificates FIPS" } } -Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { +Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Without-YubiKey' { BeforeEach -Scriptblock { $pest_return = $Null } It -Name "Verify 'JustAttestCertificate-File' works" -Test { - $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot\TestData\piv_attestion_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot\TestData\piv_attestion_intermediatecertificate.cer" + $pest_return = Confirm-YubikeyAttestation -AttestationCertificateFile "$PSScriptRoot/TestData/piv_attestion_attestioncertificate.cer" -IntermediateCertificateFile "$PSScriptRoot/TestData/piv_attestion_intermediatecertificate.cer" $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a $pest_return.isFIPSSeries | Should -BeFalse @@ -95,8 +95,8 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } It -Name "Verify 'JustAttestCertificate-Object' works" -Test { - $pest_att = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot\TestData\piv_attestion_attestioncertificate.cer") - $pest_int = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot\TestData\piv_attestion_intermediatecertificate.cer") + $pest_att = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot/TestData/piv_attestion_attestioncertificate.cer") + $pest_int = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot/TestData/piv_attestion_intermediatecertificate.cer") $pest_return = Confirm-YubikeyAttestation -AttestationCertificate $pest_att -IntermediateCertificate $pest_int $pest_return | Should -BeOfType powershellYK.Attestation 
@@ -106,7 +106,7 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } It -Name "Verify 'requestWithBuiltinAttestation-File' works" -Test { - $pest_return = Confirm-YubikeyAttestation -CertificateRequestFile "$PSScriptRoot\TestData\piv_attestion_certificaterequest_with_attestion.req" + $pest_return = Confirm-YubikeyAttestation -CertificateRequestFile "$PSScriptRoot/TestData/piv_attestion_certificaterequest_with_attestion.req" $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a $pest_return.AttestationValidated | Should -Be $True @@ -114,7 +114,7 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } It -Name "Verify 'requestWithBuiltinAttestation-Object' works" -Test { - $pest_req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::LoadSigningRequestPem((Get-Content "$PSScriptRoot\TestData\piv_attestion_certificaterequest_with_attestion.req"),[System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.X509Certificates.CertificateRequestLoadOptions]::UnsafeLoadCertificateExtensions) + $pest_req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::LoadSigningRequestPem((Get-Content "$PSScriptRoot/TestData/piv_attestion_certificaterequest_with_attestion.req"),[System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.X509Certificates.CertificateRequestLoadOptions]::UnsafeLoadCertificateExtensions) $pest_return = Confirm-YubikeyAttestation -CertificateRequest $pest_req $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a 
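Review bot: The `LoadSigningRequestPem` call on the changed line in the `@@ -114,7 +114,7 @@` hunk (and again in `@@ -132,9 +132,9 @@`) passes `UnsafeLoadCertificateExtensions` with no comment explaining why that is acceptable here. The option makes .NET load the requester-supplied extensions from the CSR, presumably so the attestation embedded in the request can be read. Since these tests tend to be copied as usage examples, I would add a line above each call, if this matches the intent: `# Trusted fixture from TestData; extensions are loaded only to read the embedded attestation and must not be copied into an issued certificate.` The `It` block continues past the end of the hunk.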
@@ -123,7 +123,7 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } It -Name "Verify 'requestWithExternalAttestation-File' works" -Test { - $pest_return = Confirm-YubikeyAttestation -CertificateRequestFile "$PSScriptRoot\TestData\piv_attestion_5_4_3_9a_request.req" -AttestationCertificateFile "$PSScriptRoot\TestData\piv_attestion_5_4_3_9a_slot_attestation.cer" -IntermediateCertificateFile "$PSScriptRoot\TestData\piv_attestion_5_4_3_9a_AttestationIntermediateCertificate.cer" + $pest_return = Confirm-YubikeyAttestation -CertificateRequestFile "$PSScriptRoot/TestData/piv_attestion_5_4_3_9a_request.req" -AttestationCertificateFile "$PSScriptRoot/TestData/piv_attestion_5_4_3_9a_slot_attestation.cer" -IntermediateCertificateFile "$PSScriptRoot/TestData/piv_attestion_5_4_3_9a_AttestationIntermediateCertificate.cer" $pest_return | Should -BeOfType powershellYK.Attestation $pest_return.Slot | Should -Be 0x9a 
@@ -132,9 +132,9 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } It -Name "Verify 'requestWithExternalAttestation-Object' works" -Test { - $pest_req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::LoadSigningRequestPem((Get-Content "$PSScriptRoot\TestData\piv_attestion_certificaterequest_with_attestion.req"),[System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.X509Certificates.CertificateRequestLoadOptions]::UnsafeLoadCertificateExtensions) - $pest_att = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot\TestData\piv_attestion_attestioncertificate.cer") - $pest_int = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot\TestData\piv_attestion_intermediatecertificate.cer") + $pest_req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::LoadSigningRequestPem((Get-Content "$PSScriptRoot/TestData/piv_attestion_certificaterequest_with_attestion.req"),[System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.X509Certificates.CertificateRequestLoadOptions]::UnsafeLoadCertificateExtensions) + $pest_att = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot/TestData/piv_attestion_attestioncertificate.cer") + $pest_int = [System.Security.Cryptography.X509Certificates.X509Certificate2]::New("$PSScriptRoot/TestData/piv_attestion_intermediatecertificate.cer") $pest_return = Confirm-YubikeyAttestation -CertificateRequest $pest_req -AttestationCertificate $pest_att -IntermediateCertificate $pest_int $pest_return | Should -BeOfType powershellYK.Attestation 
@@ -145,7 +145,7 @@ Describe "Confirm-YubikeyAttestation ParameterSetName tests" -Tag 'Dry' { } -Describe "Confirm-YubikeyAttestation Errors" -Tag 'Dry' { +Describe "Confirm-YubikeyAttestation Errors" -Tag 'Without-YubiKey' { It -Name "Incorrect string on CertificateRequest" -Test { {Confirm-YubikeyAttestation -CertificateRequest ""} | Should -Throw } diff --git a/Pester/315-Confirm-YubiKeyFIDO2Attestation.tests.ps1 b/Pester/315-Confirm-YubiKeyFIDO2Attestation.tests.ps1 index 296ed61..9c99a6e 100644 --- a/Pester/315-Confirm-YubiKeyFIDO2Attestation.tests.ps1 +++ b/Pester/315-Confirm-YubiKeyFIDO2Attestation.tests.ps1 @@ -27,16 +27,16 @@ Describe "Confirm-YubiKeyFIDO2Attestation paths" -Tag "Without-YubiKey" { } } -Describe "Confirm-YubiKeyFIDO2Attestation output" -Tag 'Dry' { +Describe "Confirm-YubiKeyFIDO2Attestation output" -Tag 'Without-YubiKey' { It -Name "Verify AttestationPath contains Yubico root" -Test { - $pest_return = Confirm-YubiKeyFIDO2Attestation -AttestationObject "$PSScriptRoot\TestData\attestation.bin" + $pest_return = Confirm-YubiKeyFIDO2Attestation -AttestationObject "$PSScriptRoot/TestData/attestation.bin" ($pest_return.AttestationPath -join ' ') | Should -Match 'Yubico' } } -Describe "Confirm-YubiKeyFIDO2Attestation Errors" -Tag 'Dry' { +Describe "Confirm-YubiKeyFIDO2Attestation Errors" -Tag 'Without-YubiKey' { It -Name "Missing file throws" -Test { - $badPath = Join-Path $PSScriptRoot "TestData\nonexistent_attestation_315_test.bin" + $badPath = Join-Path $PSScriptRoot "TestData/nonexistent_attestation_315_test.bin" (Test-Path $badPath) | Should -Be $false $threw = $false try { Confirm-YubiKeyFIDO2Attestation -AttestationObject $badPath } catch { $threw = $true } 
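Review bot: The negative tests in this file ("Missing file throws" in the `@@ -27,16 +27,16 @@` hunk and "Invalid format throws" in `@@ -45,7 +45,7 @@`) count any exception as success, because the bare `catch { $threw = $true }` never looks at what was thrown. For an attestation verifier this means a run where the cmdlet fails for an unrelated reason, such as the module not being imported, still passes, so the rejection path is not actually pinned. I would assert on the error itself, e.g. `{ Confirm-YubiKeyFIDO2Attestation -AttestationObject $badPath } | Should -Throw -ExpectedMessage '<expected message pattern>'`, which is the `Should -Throw` form the 290 test file already uses. The "Missing file throws" block continues past the end of its hunk.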
@@ -45,7 +45,7 @@ Describe "Confirm-YubiKeyFIDO2Attestation Errors" -Tag 'Dry' { It -Name "Invalid format throws" -Test { $threw = $false - try { Confirm-YubiKeyFIDO2Attestation -AttestationObject "$PSScriptRoot\TestData\rsa_2048_cert.pem" } catch { $threw = $true } + try { Confirm-YubiKeyFIDO2Attestation -AttestationObject "$PSScriptRoot/TestData/rsa_2048_cert.pem" } catch { $threw = $true } $threw | Should -Be $true } } diff --git a/build.ps1 b/build.ps1 index f4a70dd..1dbcef5 100644 --- a/build.ps1 +++ b/build.ps1 @@ -4,11 +4,7 @@ if (Test-Path 'release') { $Directory = New-Item -Type Directory 'release' dotnet publish module --nologo --framework 'net8.0' --output "$($Directory.fullname)" -dotnet publish powershellYK_loader --nologo --framework 'net8.0' --output "$($Directory.fullname)\loader" - -Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.dll" "$($Directory.fullname)" #Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.pdb" "$($Directory.fullname)\module" -Remove-Item -Recurse "$($Directory.fullname)\loader" #Move-Item "$($Directory.fullname)\module\powershellYK.psd1" "$($Directory.fullname)" #Move-Item "$($Directory.fullname)\module\powershellYK.format.ps1xml" "$($Directory.fullname)"
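Review bot: In build.ps1 the remaining `dotnet publish module ...` line uses a lowercase directory name, while the paths in this patch series are under `Module/`. On a case-sensitive file system that publish step will likely fail. The same commit moves the test paths to forward slashes, presumably for non-Windows runs, so `dotnet publish Module --nologo --framework 'net8.0' --output "$($Directory.fullname)"` would be consistent with that. The commented-out `#Copy-Item "$($Directory.fullname)\loader\powershellYK_loader.pdb" ...` line now refers to a directory the script no longer creates and can be deleted along with the other loader steps.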