NAME
yubikey-totp - Produce an OATH TOTP code using a YubiKey
SYNOPSIS
yubikey-totp [-v] [-h] [--time | --step] [--digits] [--slot] [--debug]
DESCRIPTION
OATH codes are one-time passwords (OTP) calculated in a standardized way. While
the YubiKey is primarily used with Yubico OTPs, it is also capable of
producing OATH codes.
OATH generally comes in two flavors -- event based (called HOTP) and time based
(called TOTP). Since the YubiKey does not contain a battery, it cannot keep
track of the current time itself, and therefore a helper application such as
yubikey-totp is required to send the current time to the YubiKey, which can
then perform the cryptographic calculation needed to produce the OATH code.
Through the use of a helper application, such as yubikey-totp, the YubiKey can
be used with sites offering OATH TOTP authentication, such as Google GMail.
OPTIONS
- -v
- enable verbose mode.
- -h
- show help
- --time
- specify the time value to use (in seconds since epoch)
- --step
- how frequently codes change in your system - typically 30 or 60 seconds
- --digits
- digits in OATH code - typically 6
- --slot
- YubiKey slot to use - default 2
- --debug
- enable debug output
EXAMPLE
The YubiKey OATH TOTP operation can be demonstrated using the RFC 6238
test key "12345678901234567890" (ASCII).
First, program a YubiKey for HMAC-SHA1 Challenge-Response operation with the
test vector HMAC key:
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -o serial-api-visible \
-a 3132333435363738393031323334353637383930
Now, send the NIST test challenge to the YubiKey and verify that the
result matches the expected value:
$ yubikey-totp --step 30 --digits 8 --time 1111111109
07081804
$
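The same test vector can be cross-checked in software. The following Python sketch is an added example, not code from yubikey-totp or python-yubico: it computes the RFC 6238 code with HMAC-SHA1 from the test key, showing the 8-byte challenge derived from --time and --step and the truncation to --digits. The function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 test key from the EXAMPLE section; these are the same bytes
# as the hex string passed to ykpersonalize -a.
TEST_KEY = bytes.fromhex("3132333435363738393031323334353637383930")


def totp_challenge(unix_time, step=30):
    """Return the 8-byte big-endian time-step counter used as the HMAC input."""
    return struct.pack(">Q", unix_time // step)


def truncate(mac, digits=6):
    """RFC 4226 dynamic truncation of a 20-byte HMAC-SHA1 value."""
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(key, unix_time, step=30, digits=6):
    """Software TOTP: HMAC-SHA1 over the time counter, then truncation."""
    mac = hmac.new(key, totp_challenge(unix_time, step), hashlib.sha1).digest()
    return truncate(mac, digits)


if __name__ == "__main__":
    # Same parameters as: yubikey-totp --step 30 --digits 8 --time 1111111109
    print(totp(TEST_KEY, 1111111109, step=30, digits=8))
```

Every time value inside one step maps to the same counter and so to the same code, which is why the host clock only needs to agree with the verifier to within the step size.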
BUGS
Report yubikey-totp bugs in the issue tracker
<https://github.com/Yubico/python-yubico/issues/>.
SEE ALSO
YubiKeys can be obtained from Yubico <http://www.yubico.com/>.