Yubico Forum


All times are UTC + 1 hour




Posted: Fri Apr 06, 2012 8:07 pm

Joined: Fri Apr 06, 2012 7:57 pm
Posts: 2
I would like to use the YubiKey as a way of both authenticating and decrypting resources on a remote system - so the authentication is handled by the normal OTP functionality, but I would also like to be able to include a decryption key not known by the server.

But the only private payload that I can send (as far as I can tell) is the private "ID". 6 bytes is 48 bits, which is a little small for an encryption key. So my question is, is there any way of storing more private data? Like, can I somehow fix the 16-bit random number to be a known constant, yielding 64 bits total (which is still small, but might be enough, at least as a proof of concept)?

Anyway, I know this is not exactly what the YubiKey is designed for, but I think it could have real potential - as more and more computation is done via the web, the inherent problem of permanently storing decryption keys server-side (or not encrypting data at all, as it is basically equivalent) becomes more of an issue. In theory it is simple to send a decryption key every time you use a service, but for it to be realistic, it has to be practical, and it seems like the YubiKey (with just a tiny bit more data) could make this really easy, as it is already capable of sending a tamper-proof secret payload.


Posted: Sat Apr 07, 2012 8:33 am

Joined: Wed Aug 19, 2009 11:31 am
Posts: 11
Yes, you could program a static password http://www.yubico.com/static-password


Posted: Sat Apr 07, 2012 4:44 pm

Joined: Fri Apr 06, 2012 7:57 pm
Posts: 2
andlil wrote:
Yes, you could program a static password http://www.yubico.com/static-password


Doing that would be vulnerable to replay attacks, which would be definitely non-optimal. I would like to retain the security of OTPs, but just deliver a slightly larger payload.


Posted: Sun Apr 08, 2012 8:52 am

Joined: Wed Aug 19, 2009 11:31 am
Posts: 11
dbp wrote:
andlil wrote:
Yes, you could program a static password http://www.yubico.com/static-password


Doing that would be vulnerable to replay attacks, which would be definitely non-optimal. I would like to retain the security of OTPs, but just deliver a slightly larger payload.


How about OTP in slot 1, to mitigate replay attacks, and a static password/encryption key in slot 2?


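Added example (not part of the thread and not Yubico's code): a Python parser for the decrypted 16-byte Yubico OTP block discussed above, showing where the 6-byte private ID and the 16-bit random field sit and how the counters provide the replay protection that a static password lacks. The sample values are constructed, the function names are hypothetical, and the AES-128 decryption of the OTP is assumed to have already been done by the validating side.

```python
import struct

# Decrypted Yubico OTP block: 16 bytes, little-endian (layout as in Yubico's yubikey.h):
# private ID (6) | use counter (2) | timestamp low (2) | timestamp high (1)
# | session use (1) | random (2) | CRC-16 (2)
# Whoever validates the OTP holds the AES key and therefore reads the private ID too.
TOKEN = struct.Struct("<6sHHBBHH")
CRC_OK_RESIDUE = 0xF0B8


def crc16(data: bytes) -> int:
    """CRC-16 used by Yubico OTP (reflected polynomial 0x8408, init 0xFFFF)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def build_block(private_id, counter, timestamp, session_use, rnd):
    """Construct a sample plaintext block (what is seen after AES decryption)."""
    body = struct.pack(
        "<6sHHBBH", private_id, counter, timestamp & 0xFFFF, timestamp >> 16, session_use, rnd
    )
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)


def parse_block(block: bytes) -> dict:
    """Split a decrypted block into fields; reject it if the CRC residue is wrong."""
    if len(block) != TOKEN.size or crc16(block) != CRC_OK_RESIDUE:
        raise ValueError("bad length or CRC")
    uid, ctr, ts_lo, ts_hi, use, rnd, _crc = TOKEN.unpack(block)
    return {
        "private_id": uid, "counter": ctr, "session_use": use,
        "timestamp": ts_hi << 16 | ts_lo, "random": rnd,
    }


def accept(token: dict, last_seen: tuple) -> bool:
    """Replay check: (counter, session_use) must exceed the last accepted pair."""
    return (token["counter"], token["session_use"]) > last_seen


if __name__ == "__main__":
    block = build_block(bytes.fromhex("010203040506"), 5, 0x123456, 2, 0xBEEF)  # constructed
    token = parse_block(block)
    print(token, "key bits available in private ID:", len(token["private_id"]) * 8)
    print("fresh:", accept(token, (5, 1)), "replayed:", accept(token, (5, 2)))
```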