Yubikey Service

Documentation

Personalize your Yubikey

Yubico provides some tools allowing you to reconfigure your Yubikey. Please refer to their documentation: Personalization Tool.

For Linux users, here's a simple script which can help you. You'll have to install some tools first.

#!/usr/bin/env python3
import secrets
from string import ascii_letters

__aes_size = 32
__priv_size = 12
__pub_size = 6
__hexHexChars = '0123456789abcdef'
__modHexChars = 'cbdefghijklnrtuv'

__hex2ModDict = dict(zip(__hexHexChars, __modHexChars))
__mod2HexDict = dict(zip(__modHexChars, __hexHexChars))

def __modhex_encode(s):
    # bytes -> modhex string (hex digits mapped onto the modhex alphabet)
    return ''.join(__hex2ModDict[c] for c in s.hex())
# end def modhex_encode

def __modhex_decode(m):
    # modhex string -> bytes
    return bytes.fromhex(''.join(__mod2HexDict[c] for c in m))
# end def modhex_decode

def __rand(size, array):
    # Draw from the OS CSPRNG: a generator seeded with the current time
    # is predictable and must not be used for key material.
    return ''.join(secrets.choice(array) for _ in range(size))

__aes  = __rand(__aes_size, __hexHexChars)
__priv = __rand(__priv_size, __hexHexChars)
__pub  = __modhex_encode(__rand(__pub_size, ascii_letters).encode('ascii'))

# Print the ykpersonalize command line with the generated values
print('ykpersonalize -a%s -ouid=%s -ofixed=%s' % (__aes, __priv, __pub))

Server answers

The server has several answer codes. Most answers come with status 200 and a text output which is really easy to parse.

Sign your request

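To sign your request, proceed as follows:
#!/usr/bin/env python3
import base64
import hmac
from hashlib import sha512

key = b'AES'      # placeholder: replace AES with your AES key
s = b'otp=OTP'    # placeholder: replace OTP with the one-time password

# HMAC-SHA512 over the request string, then base64-encode the digest
args = hmac.new(key, s, digestmod=sha512)
sign = base64.b64encode(args.digest())
print(sign.decode('ascii'))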

To verify our signature

You just have to sign the content of our answer in the same way, and compare the signatures. Example:
Our answer:
status=OK
t=TIMESTAMP
h=SIGN
Take the first two lines, with the linebreak, encode them the same way, and compare the result with SIGN.
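
The verification described above, as an added example that is not part of the service's own code. It assumes the signed data is the first two lines joined by a single "\n" with no trailing linebreak, that the key is used as raw bytes as in the signing script, and that the answer has exactly three lines; the function names, key and answer are constructed for illustration.

```python
#!/usr/bin/env python3
import base64
import hmac
from hashlib import sha512


def sign(key: bytes, payload: bytes) -> str:
    """HMAC-SHA512 over payload, base64-encoded, as in the signing script."""
    return base64.b64encode(hmac.new(key, payload, sha512).digest()).decode("ascii")


def verify_answer(key: bytes, answer: str) -> dict:
    """Return the answer's fields if its h= signature matches, else raise ValueError."""
    lines = answer.rstrip("\n").split("\n")
    if len(lines) != 3 or not lines[2].startswith("h="):
        raise ValueError("unexpected answer layout")
    # Assumption: the signature covers the first two lines joined by one "\n".
    payload = "\n".join(lines[:2]).encode("utf-8")
    received = lines[2][2:].encode("utf-8")
    expected = sign(key, payload).encode("ascii")
    # Constant-time comparison, so timing does not reveal how much matched.
    if not hmac.compare_digest(expected, received):
        raise ValueError("signature mismatch")
    fields = {}
    for line in lines[:2]:
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        fields[name] = value
    return fields


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"          # constructed, not a real key
    body = "status=OK\nt=1700000000"            # constructed sample answer
    answer = body + "\nh=" + sign(demo_key, body.encode("utf-8")) + "\n"
    print(verify_answer(demo_key, answer))
    try:
        verify_answer(demo_key, answer.replace("status=OK", "status=NO"))
    except ValueError as exc:
        print("rejected:", exc)
```

Only act on the status and t fields after verify_answer has returned without raising.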

Service provided by yubico.internux.ch