CRYPTEXCTL-NONCE(1) | General Commands Manual | CRYPTEXCTL-NONCE(1) |
cryptexctl nonce
—
retrieve or manipulate cryptex personalization
nonces
cryptexctl nonce |
nonce [-r | --roll ]
[-g | --global ]
CRYPTEX-NAME |
Retrieve or manipulate personalization nonces for cryptexes. In the current implementation, all cryptexes are personalized with a single nonce which is rolled when the host performs a software update. In the future, each cryptex will have an individual nonce.
This nonce can be used with cryptexctl-create(1) to personalize a cryptex for a device when the device is not present.
A list of options with descriptions:
-r
| --roll
]-g
| --global
]--global
option is not given.CRYPTEXCTL_UDID
cryptexctl nonce
to set the [--udid]
option on the base cryptexctl(1) command. This UDID
value can be retrieved from the cryptexctl-device(1)
command's
list or
print
actions and provides a convenient way to operate on a single device when
multiple devices are connected.
The magic value "first" will select the first discovered device.
This command will communicate with the local cryptex subsystem if
[-udid] or CRYPTEXTCTL_UDID
is not specified. When
manually personalizing a cryptex with cryptexctl-create(1)
ensure you are communicating with the device you expect by confirming the
UDID
matches with the output from
cryptexctl-device(1).
Introduced in macOS 11.0
August 7, 2020 | Darwin |