From: Tollef Fog Heen Date: Tue, 18 Jan 2011 18:42:01 +0000 (+0100) Subject: Merge branch 'master' into debian X-Git-Tag: show~4 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7bcfa1329314129935b07bdc8400a8dac04ee70;p=yubikey-personalization.old Merge branch 'master' into debian Conflicts: ykpersonalize.1 --- a7bcfa1329314129935b07bdc8400a8dac04ee70 diff --cc ykpersonalize.1 index 7d432a8,979bdb1..f01cae9 --- a/ykpersonalize.1 +++ b/ykpersonalize.1 @@@ -201,22 -206,40 +206,50 @@@ When set, the first two bytes of the fi .TP [\-]\fBoath-fixed-modhex\fR When set, the fixed part is sent as modhex. + .TP + \fBYubikey 2.1 firmware and above\fR + .TP + [\-]\fBchal-yubico\fR + Yubico OTP challenge-response mode. + .TP + [\-]\fBchal-hmac\fR + Generate HMAC-SHA1 challenge responses. + .TP + [\-]\fBhmac-lt64\fR + Calculate HMAC on less than 64 bytes input. Whatever is in the last byte + of the challenge is used as end of input marker (backtracking from end of payload). + .TP + [\-]\fBchal-btn-trig\fR + The Yubikey will wait for the user to press the key (within 15 seconds) before + answering the challenge. + .SH OATH-HOTP Mode - When using OATH-HOTP mode, the key that is shared with the server - consists of the AES key plus the first four bytes (eight hex - characters) of the UID. The token identifier is defined by the fixed - prefix. + When using OATH-HOTP mode, a HMAC key of 160 bits (20 bytes, 40 chars of hex) + can be supplied with -a. + .PP + The token identifier can be set with the -ofixed= option. + See section "5.3.4 - OATH-HOTP Token Identifier" of the + .URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual" + for details, but in short the token identifier is 2 bytes manufacturer prefix, + 2 bytes token type and then 8 bytes manufacturer unique ID. 
+ + .SH Challenge-response Mode + In \fBCHAL-RESP\fR mode, the token will NOT generate any keypresses when the button + is pressed (although it is perfectly possible to have one slot with a keypress-generating + configuration, and the other in challenge-response mode). Instead, a program capable of + sending USB HID feature reports to the token must be used to send it a challenge, and + read the response. - +.SH Modhex +Modhex is a way of writing hex digits where the \(lqdigits\(rq are +chosen for being in the same place on most keyboard layouts. To +convert from hex to modhex, you can use +.RS +tr "[0123456789abcdef]" "[cbdefghijklnrtuv]" +.RE +To convert the other way, use +.RS +tr "[cbdefghijklnrtuv]" "[0123456789abcdef]" +.RE .SH BUGS Report ykpersonalize bugs in .URL "http://code.google.com/p/yubikey-personalization/issues/list" "the issue tracker"
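Review bot: the hmac-lt64 entry in the "Yubikey 2.1 firmware and above" block does not say how the caller is expected to pad a challenge shorter than 64 bytes. The text "Whatever is in the last byte of the challenge is used as end of input marker (backtracking from end of payload)" implies that a challenge whose own final byte equals the marker value would be cut short before its real end, so two different inputs could yield the same response. Please state the padding rule explicitly, including that the fill byte must differ from the last real byte of the challenge, so that people writing host-side code do not have to infer it. Separately, the new "Challenge-response Mode" section calls the mode CHAL-RESP, but the flags documented above it are chal-yubico and chal-hmac; a sentence tying the section to those two flags, and to chal-btn-trig with its 15 second wait, would make the page easier to follow.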