From dc93b271594dcd61f486e676656e95e58c69aed6 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Wed, 9 Mar 2011 10:01:35 +0100 Subject: [PATCH] Clarifications. --- ykpersonalize.1 | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/ykpersonalize.1 b/ykpersonalize.1 index 6ef28c2..bf8b69e 100644 --- a/ykpersonalize.1 +++ b/ykpersonalize.1 @@ -43,7 +43,8 @@ ykpersonalize - personalize Yubikey OTP tokens .PP Set the AES key, user ID and other settings in a Yubikey. For the complete explanation of the meaning of all parameters, see the reference -manual: http://yubico.com/files/YubiKey_manual-2.0.pdf +manual: +.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual" .TP \fB\-1\fR change the first configuration. This is the default and is 
@@ -81,21 +82,23 @@ Salt to be used when deriving key from a password. If none is given, a unique random one will be generated. .TP \fBfixed\fR=\fIfffffffffff\fR -The public modhex identity of key, 0-16 characters long. +The modhex \fIpublic identity\fR of the Yubikey, 0-16 characters long. It's possible to give the identity in hex as well, just prepend the value with `h:'. The fixed part is emitted before the OTP when the -button on the YubiKey is pressed. It can be used as an identifier for +button on the Yubikey is pressed. It can be used as an identifier for the user, for example. .TP \fBuid\fR=\fIuuuuuu\fR -The uid part of the generated ticket, in hex. -Must be 12 characters long. The uid is 6 bytes of data that is encrypted -in every OTP, and is used to validate that an OTP was in fact encrypted -with the AES key shared between the YubiKey and validation service. +The uid part of the generated OTP, in hex. +Must be 12 characters long. The uid is 6 bytes of static data that is included +(encrypted) in every OTP, and is used to validate that an OTP was in fact encrypted +with the AES key shared between the Yubikey and the validation service. It cannot +be used to identify the Yubikey as it is only readable to those that know +the AES key. .TP \fBaccess\fR=\fIfffffffffff\fR -New hex access code to set. -Must be 12 characters long. +New hex access code to set. Must be 12 characters long. +If an access code is set, it will be required for subsequent reprogramming of the Yubikey. .TP [\-]\fIticket-flag\fR Set/clear ticket flag, see the section `Ticket flags\&' 
@@ -233,7 +236,7 @@ can be supplied with -a. .PP The token identifier can be set with the -ofixed= option. See section "5.3.4 - OATH-HOTP Token Identifier" of the -.URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual" +.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual" for details, but in short the token identifier is 2 bytes manufacturer prefix, 2 bytes token type and then 8 bytes manufacturer unique ID. -- 2.39.5
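Review bot: In the first hunk (the description paragraph at line 43), the new `.URL` line still points at the reference manual over plain `http://`. For the reference document of an authentication token, an `https://` link would be preferable if the host serves the file that way. The same applies to the identical URL introduced in the last hunk.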
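Review bot: In the second hunk, the option placeholders do not match the lengths the text requires: `\fBuid\fR=\fIuuuuuu\fR` shows 6 characters and `\fBaccess\fR=\fIfffffffffff\fR` shows 11, while both descriptions say "Must be 12 characters long". Since these entries are being reworded anyway, consider making each placeholder 12 characters so that a reader copying the synopsis gets a valid value. The new sentence about the access code being required for subsequent reprogramming would also be more useful if it named the option used to supply the current code. Finally, the added uid and access lines are noticeably longer than the surrounding wrapped lines and could be re-wrapped to match the rest of the file.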
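Review bot: In the third hunk, the link target changes from `YubiKey_Manual_2010-09-16.pdf` to `YubiKey_manual-2.0.pdf`, but the unchanged context line above it still cites section "5.3.4 - OATH-HOTP Token Identifier". Please confirm that this section number and title exist in the 2.0 manual. If they do not, update the reference or cite the section by title only, so the pointer for the token identifier layout stays valid.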