Yubico Forum


All times are UTC + 1 hour




Posted: Mon Mar 16, 2015 7:43 am
The Yubikey manual (v3.3) says the “Yubikey Neo features a high-quality, cryptographically secure random number generator”. Is there a tool to get some random numbers from a Neo onto a PC?

Presumably the Neo implements javacard.security.RandomData.generateData(…) as an API to the high-quality RNG. That makes the RNG available to applets on the Neo, but is not sufficient to expose the RNG to a PC tool via an APDU. Do any of the standard applets (OTP, OAUTH, PGP, PIV, U2F) support an APDU that returns randomness?

Presumably the high-quality RNG is used when yubico-piv-tool.exe is used to trigger a Neo to generate a new RSA or ECC key-pair. I was hoping there was another command that returns values from the RNG directly.


Last edited by jamesmanger on Tue Mar 17, 2015 1:15 am, edited 1 time in total.

Posted: Mon Mar 16, 2015 12:30 pm
Site Admin
Hello,

The PIV applet exposes a way to get out randomness. It's a bit of a hack but is exposed through opensc as well. The APDU in question would in this case be:
00 87 03 9b 04 7c 02 81 00
which will return 8 bytes of random data for every call.

/klas


Posted: Tue Mar 17, 2015 1:14 am
Thanks Klas,
That is a GENERAL AUTHENTICATE command (INS '87') specifying 3-key Triple DES in ECB mode (P1 '03') with the admin key (P2 '9B') and requesting a challenge (tag '81' in dynamic auth template tag '7C').
That works (after selecting the PIV applet 00 A4 04 00 05 A000000308). It returns 8 random bytes after a couple of tags (7C 0A 81 08 <8 random bytes>).
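
The response layout described in the two posts above, as an added example that is not part of the original thread: a Python parser that checks the status word and the 7C/81 tags before returning the 8 bytes, and a loop that repeats the request to collect more. The `transmit` callable, the constructed sample response and the trailing status word `90 00` are assumptions.

```python
# Added example, not from the thread. APDU bytes are the ones quoted above;
# the transport callable and the sample response are assumptions.
SELECT_PIV = bytes.fromhex("00A4040005A000000308")
GET_CHALLENGE = bytes.fromhex("0087039B047C028100")
SW_OK = b"\x90\x00"  # ISO 7816 status word for success

# Constructed response: 7C 0A 81 08 <8 bytes> followed by SW1 SW2.
SAMPLE_RESPONSE = bytes.fromhex("7C0A8108" "0102030405060708" "9000")


def read_tlv(buf):
    """Read one TLV (1-byte tag, short-form length): (tag, value, rest)."""
    if len(buf) < 2:
        raise ValueError("truncated TLV header")
    tag, length = buf[0], buf[1]
    if length >= 0x80 or len(buf) < 2 + length:
        raise ValueError("unexpected or truncated TLV length")
    return tag, buf[2:2 + length], buf[2 + length:]


def extract_challenge(response):
    """Check SW, then return the value of tag 81 inside template 7C."""
    body, sw = response[:-2], response[-2:]
    if sw != SW_OK:
        raise ValueError(f"card returned status word {sw.hex()}")
    tag, template, rest = read_tlv(body)
    if tag != 0x7C or rest:
        raise ValueError("expected exactly one 7C template")
    tag, challenge, rest = read_tlv(template)
    if tag != 0x81 or rest:
        raise ValueError("expected exactly one 81 element")
    if not challenge:
        raise ValueError("empty challenge")
    return challenge


def gather_random(transmit, count):
    """Collect `count` bytes, one challenge request per chunk.

    `transmit` is a hypothetical callable: command APDU in, response
    bytes (data followed by SW1 SW2) out.
    """
    if transmit(SELECT_PIV)[-2:] != SW_OK:
        raise ValueError("PIV applet selection failed")
    out = bytearray()
    while len(out) < count:
        out += extract_challenge(transmit(GET_CHALLENGE))
    return bytes(out[:count])
```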


Posted: Mon Mar 23, 2015 11:29 pm
This is a little easier than dealing with the card protocols directly, if it works for your use case (and for other readers who may want to use the card's RNG, it's directly usable in scripts etc):

Code:
echo "scd random 128" | gpg-connect-agent


This sends a command via stdin to gpg-connect-agent, which sends it to your currently running gpg-agent, which in turn sends "random 128" to scdaemon, which should, as I understand the scdaemon command protocol, ask your card to generate 128 bytes and return it to you. You should see your Neo's button flicker every time you run this command. Remove/reinsert your card or run gpg --card-status (or both) if it complains about the card not being connected.

Granted the output isn't exactly clean (it spits out response characters like "OK" along with the entropy sample). I believe it should be possible to have it output this in the GnuPG "machine readable" format (the one used by libgpgme and enabled by gpg's --with-colons option), but it doesn't seem to work as an option to gpg-connect-agent.

Even so, the output of that scd command should be predictable; a script or program could pretty easily account for it (awk could trim it too, but I'm not so good with awk :D )


Posted: Fri Nov 04, 2016 12:33 pm
Touching this older and interesting thread.
mrsteveman1 wrote:
This is a little easier than dealing with the card protocols directly, if it works for your use case (and for other readers who may want to use the card's RNG, it's directly usable in scripts etc):
Code:
echo "scd random 128" | gpg-connect-agent
...

Not sure whether someone's mileage will vary; on my current system the raw binary data is formatted such that all \n, \r and % characters are escaped with URL percent-encoding, chopped into ~1000-char pieces, carefully so as not to split any escaped symbol, and put into separate lines prefixed with D and a space, so I can nicely extract the raw data when I extend the pipe with:
Code:
| perl -pe 'chomp;s/^D\s//;s/%(0[AD]|25)/chr(hex($1))/eg;if(eof&&/^OK$/){exit}'


Posted: Sun Jan 08, 2017 10:54 pm
Code:
$ gpg-connect-agent
> scd random 32
ERR 100663404 Card error <SCD>

The scd random command works on my Yubikey NEOs, but not on my Yubikey 4s. It fails with the card error seen above. Any ideas why?

Also, to contribute some nice formatting for outputting random numbers from the Yubikey:
Code:
$ echo "scd random 128" | gpg-connect-agent | sha512sum
a45477d57d8bac1988d52efc36b0b8c72e6e2f5c2f2abdc605b64feea60ca20f96e728faf4ec6e20b7722d9dc3d130ca88510e4f294ce5881c5c2ae5a2c3f4b3  -
$ echo "scd random 128" | gpg-connect-agent | tr -dc 0-z | xargs
D?KAj81p<o=F@vNhSDD_c10Dt8N9SIp9Y3OK
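
An added example, not from any poster, that decodes the reply format described in this thread in Python: it percent-decodes the `D ` lines, stops at `OK`, and raises on an `ERR` line such as the one quoted in the last post. The sample transcripts are constructed, and `card_random` assumes a running gpg-agent with the card inserted.

```python
# Added example (not from the thread). Sample transcripts are constructed.
import subprocess
from urllib.parse import unquote_to_bytes


class AssuanError(Exception):
    """Raised when the agent reports ERR or the reply is incomplete."""


def decode_reply(output: bytes) -> bytes:
    """Return the raw payload carried in the 'D ' lines of an Assuan reply."""
    payload = bytearray()
    for line in output.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"D "):
            # %25, %0D and %0A stand for '%', CR and LF in the payload.
            payload += unquote_to_bytes(line[2:])
        elif line.startswith(b"ERR"):
            raise AssuanError(line.decode("ascii", "replace"))
        elif line == b"OK" or line.startswith(b"OK "):
            return bytes(payload)
        # Anything else (status or comment lines) carries no payload.
    raise AssuanError("reply ended without OK")


def card_random(count: int) -> bytes:
    """Ask scdaemon for `count` bytes; needs a running gpg-agent and a card."""
    proc = subprocess.run(
        ["gpg-connect-agent"],
        input=f"scd random {count}\n".encode("ascii"),
        capture_output=True,
    )
    data = decode_reply(proc.stdout)
    if len(data) != count:
        raise AssuanError(f"expected {count} bytes, got {len(data)}")
    return data


# Constructed transcripts: two data lines with escapes, and the ERR reply
# quoted in the thread.
SAMPLE_OK = b"D \x01\x02%25%0A\xff\nD %0Dabc\nOK\n"
SAMPLE_ERR = b"ERR 100663404 Card error <SCD>\n"
```

Checking the decoded length against the requested count catches truncated replies before the bytes are used as key material or seeds.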

