ykchalresp(1) [debian man page]
ykchalresp(1) General Commands Manual ykchalresp(1) NAME
ykchalresp - Perform challenge-response operation with YubiKey SYNOPSIS
ykchalresp [-1 | -2] [-H] [-Y] [-N] [-x] [-v] [-h] OPTIONS
Send a challenge to a YubiKey, and read the response. The YubiKey can be configured with two different C/R modes -- the standard one is a 160 bits HMAC-SHA1, and the other is a YubiKey OTP mimicing mode, meaning two subsequent calls with the same challenge will result in dif- ferent responses. -1 send the challenge to slot 1. This is the default. -2 send the challenge to slot 2. -H send a 64 byte HMAC challenge. This is the default. -Y send a 6 byte Yubico OTP challenge. -N non-blocking mode -- abort if the YubiKey is configured to require a key press before sending the response. -x challenge is hex encoded. -v enable verbose mode. EXAMPLE
The YubiKey challenge-response operation can be demonstrated using the NIST PUB 198 A.2 test vector. First, program a YubiKey with the test vector : $ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a 303132333435363738393a3b3c3d3e3f40414243 ... Commit? (y/n) [n]: y $ Now, send the NIST test challenge to the YubiKey and verify the result matches the expected : $ ykchalresp -2 'Sample #2' 0922d3405faa3d194f82a45830737d5cc6c75d24 $ BUGS
Report ykchalresp bugs in the issue tracker <https://github.com/Yubico/yubikey-personalization/issues> SEE ALSO
The ykpersonalize home page <http://code.google.com/p/yubikey-personalization/> YubiKeys can be obtained from Yubico <http://www.yubico.com/>. yubikey-personalization Febuary 2011 ykchalresp(1)
Check Out this Related Man Page
yubikey-totp(1) General Commands Manual yubikey-totp(1) NAME
yubikey-totp - Produce an OATH TOTP code using a YubiKey SYNOPSIS
yubikey-totp [-v] [-h] [--time | --step] [--digits] [--slot] [--debug] DESCRIPTION
OATH codes are one time passwords (OTP) calculated in a standardized way. While the YubiKey is primarily used with Yubico OTP's, the YubiKey is also capable of producing OATH codes. OATH generally comes in two flavors -- event based (called HOTP) and time based (called TOTP). Since the YubiKey does not contain a bat- tery, it cannot keep track of the current time itself and therefor a helper application such as yubikey-totp is required to effectively send the current time to the YubiKey, which can then perform the cryptographic calculation needed to produce the OATH code. Through the use of a helper application, such as yubikey-totp, the YubiKey can be used with sites offering OATH TOTP authentication, such as Google GMail. OPTIONS
-v enable verbose mode. -h show help --time specify the time value to use (in seconds since epoch) --step how frequent codes change in your system - typically 30 or 60 seconds --digits digits in OATH code - typically 6 --slot YubiKey slot to use - default 2 --debug enable debug output EXAMPLE
The YubiKey OATH TOTP operation can be demonstrated using the RFC 6238 test key "12345678901234567890" (ASCII). First, program a YubiKey for HMAC-SHA1 Challenge-Response operation with the test vector HMAC key : $ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -o serial-api-visible -a 3132333435363738393031323334353637383930 Now, send the NIST test challenge to the YubiKey and verify the result matches the expected : $ yubikey-totp --step 30 --digits 8 --time 1111111109 07081804 $ BUGS
Report yubikey-totp bugs in the issue tracker <https://github.com/Yubico/python-yubico/issues/>. SEE ALSO
YubiKeys can be obtained from Yubico <http://www.yubico.com/>. python-yubico June 2012 yubikey-totp(1)