ykchalresp(1) General Commands Manual ykchalresp(1)
NAME
ykchalresp - Perform challenge-response operation with YubiKey
SYNOPSIS
ykchalresp [-1 | -2] [-H] [-Y] [-N] [-x] [-v] [-h]
OPTIONS
Send a challenge to a YubiKey, and read the response. The YubiKey can be configured with two different C/R modes -- the standard one is a
160 bits HMAC-SHA1, and the other is a YubiKey OTP mimicing mode, meaning two subsequent calls with the same challenge will result in dif-
ferent responses.
-1 send the challenge to slot 1. This is the default.
-2 send the challenge to slot 2.
-H send a 64 byte HMAC challenge. This is the default.
-Y send a 6 byte Yubico OTP challenge.
-N non-blocking mode -- abort if the YubiKey is configured to require a key press before sending the response.
-x challenge is hex encoded.
-v enable verbose mode.
EXAMPLE
The YubiKey challenge-response operation can be demonstrated using the NIST PUB 198 A.2 test vector.
First, program a YubiKey with the test vector :
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a 303132333435363738393a3b3c3d3e3f40414243
...
Commit? (y/n) [n]: y
$
Now, send the NIST test challenge to the YubiKey and verify the result matches the expected :
$ ykchalresp -2 'Sample #2'
0922d3405faa3d194f82a45830737d5cc6c75d24
$
BUGS
Report ykchalresp bugs in the issue tracker <https://github.com/Yubico/yubikey-personalization/issues>
SEE ALSO
The ykpersonalize home page <http://code.google.com/p/yubikey-personalization/>
YubiKeys can be obtained from Yubico <http://www.yubico.com/>.
yubikey-personalization Febuary 2011 ykchalresp(1)