Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:54 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Fri Dec 27, 2013 4:08 pm 
Offline

Joined: Fri Dec 27, 2013 12:49 am
Posts: 4
I just installed the ykneo-oath applet on the NEO. It works fine with the Yubikey Authenticator app on Android. Really cool.

I wonder what is used as the private key? There must be a way to programmatically set the key, in order to "clone" a lost Yubikey to a new one. Can anyone shed some light on this?

Thanks.


Last edited by huntington on Mon Dec 30, 2013 5:06 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Sat Dec 28, 2013 7:18 am 
Offline
Site Admin
Site Admin

Joined: Mon Mar 02, 2009 9:51 pm
Posts: 83
The private key is stored inside the secure element of the NEO, and can not be extracted from the device. To create a clone, it is advised to store a copy of the QR code used for programming, which contains the private key and is how the key gets onto the NEO in the first place. It can then be used to program another NEO at a later time.


Top
 Profile  
Reply with quote  
PostPosted: Mon Dec 30, 2013 5:03 pm 
Offline

Joined: Fri Dec 27, 2013 12:49 am
Posts: 4
I was under the wrong assumption that OATH works with an additional secret stored on the device. But on a second thought, that makes no sense. The QR codes contain the whole key and the Yubikey just stores them securely. Thanks for clarifying!


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 02, 2014 5:59 pm 
Offline
User avatar

Joined: Mon Dec 30, 2013 8:04 am
Posts: 8
How would one recover the secret key based on the QR code?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 02, 2014 6:18 pm 
Offline

Joined: Fri Dec 27, 2013 12:49 am
Posts: 4
You can e.g. use the ZXing Barcode Scanner (https://play.google.com/store/apps/details?id=com.google.zxing.client.android&hl=de) to scan the QR code. It will show you the text representation, which includes a parameter secret=xxxxx.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group