'\" t .\" Title: ykchalresp .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: Version 1.17.3 .\" Manual: YubiKey Personalization Tool Manual .\" Source: ykchalresp .\" Language: English .\" .TH "YKCHALRESP" "1" "Version 1\&.17\&.3" "ykchalresp" "YubiKey Personalization Tool M" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" ykchalresp \- Perform challenge\-response operation with YubiKey .SH "SYNOPSIS" .sp \fBykchalresp\fR [\fI\-1\fR | \fI\-2\fR] [\fI\-H\fR | \fI\-Y\fR] [\fI\-N\fR] [\fI\-x\fR] [\fI\-v\fR] [\fI\-6\fR | \fI\-8\fR] [\fI\-t\fR] [\fI\-V\fR] [\fI\-h\fR] .SH "DESCRIPTION" .sp Send a challenge to a YubiKey, and read the response\&. The YubiKey can be configured with two different C/R modes \(em the standard one is a 160 bits HMAC\-SHA1, and the other is a YubiKey OTP mimicing mode, meaning two subsequent calls with the same challenge will result in different responses\&. .SH "OPTIONS" .PP \fB\-1\fR .RS 4 send the challenge to slot 1\&. This is the default .RE .PP \fB−2\fR .RS 4 send the challenge to slot 2\&. .RE .PP \fB\-H\fR .RS 4 send a 64 byte HMAC challenge\&. This is the default\&. .RE .PP \fB\-Y\fR .RS 4 send a 6 byte Yubico OTP challenge\&. .RE .PP \fB\-N\fR .RS 4 non\-blocking mode \(em abort if the YubiKey is configured to require a key press before sending the response\&. .RE .PP \fB\-x\fR .RS 4 challenge is hex encoded\&. .RE .PP \fB\-v\fR .RS 4 enable verbose mode\&. .RE .PP \fB\-6\fR .RS 4 output the response in OATH format, 6 digits\&. .RE .PP \fB\-8\fR .RS 4 output the response in OATH format, 8 digits\&. .RE .PP \fB\-t\fR .RS 4 use current time as challenge instead of reading challenge from command line (as in default TOTP mode, seconds since 1970\-01\-01 00:00:00 / 30 encoded as an 8 byte challenge)\&. .RE .PP \fB\-V\fR .RS 4 print tool version and exit\&. .RE .SH "EXAMPLE" .sp The YubiKey challenge\-response operation can be demonstrated using the \fBNIST PUB 198 A\&.2\fR test vector\&. .sp First, program a YubiKey with the test vector : .sp .if n \{\ .RS 4 .\} .nf $ ykpersonalize \-2 \-ochal\-resp \-ochal\-hmac \-ohmac\-lt64 \-a 303132333435363738393a3b3c3d3e3f40414243 \&.\&.\&. Commit? (y/n) [n]: y $ .fi .if n \{\ .RE .\} .sp Now, send the NIST test challenge to the YubiKey and verify the result matches the expected : .sp .if n \{\ .RS 4 .\} .nf $ ykchalresp \-2 \*(AqSample #2\*(Aq 0922d3405faa3d194f82a45830737d5cc6c75d24 $ .fi .if n \{\ .RE .\} .SH "BUGS" .sp Report ykchalresp bugs in the issue tracker (https://github\&.com/Yubico/yubikey\-personalization/issues) .SH "SEE ALSO" .sp The ykpersonalize home page ⟨ URL: https://developers\&.yubico\&.com/yubikey\-personalization/ ⟩ .sp YubiKeys can be obtained from Yubico ⟨ URL: http://www\&.yubico\&.com/ ⟩ \&.