Yubico Forum


All times are UTC + 1 hour




PostPosted: Tue Oct 27, 2015 12:57 am 

Joined: Tue Oct 27, 2015 12:03 am
Posts: 2
I try to set up Challenge-Response Authentication for local pam_yubico usage (and keepassx and maybe even dm-crypt). I would like to have a backup copy of the key stored on an external medium at a safe location in case my yubikey breaks. So far this all works fine. As long as I just use ykpersonalize I can recreate the same key with the -a option, and if I just use yubikey-personalization-gui I can also recreate the same key by entering the same string into the appropriate GUI input field.
But while the key format looks the same in both applications, if I enter the key displayed by ykpersonalize into the input field in the GUI, or if I use the GUI key on the ykpersonalize command line, this does not produce the same key.
Does anyone know how the keys are encoded and how the key displayed by ykpersonalize needs to be transformed to produce the same key when entered into the GUI or vice-versa?



PostPosted: Mon Nov 02, 2015 2:05 pm 
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
Are you using the hmac-lt64 option?


PostPosted: Mon Nov 02, 2015 2:09 pm 
Site Admin

Joined: Mon Dec 08, 2014 2:52 pm
Posts: 314
When this option is in effect the challenge is limited to 63 bytes, but may be less and any challenge longer than 63 bytes will be truncated to 63.


PostPosted: Mon Nov 02, 2015 9:18 pm 

Joined: Tue Oct 27, 2015 12:03 am
Posts: 2
Tom2 wrote:
Are you using the hmac-lt64 option?

Yes, the hmac-lt64 is set in both cases. So no difference there. AFAIK this is needed for the pam_yubico challenge-response mode to work at all.

