yubikey-totp(1) | General Commands Manual | yubikey-totp(1) |
yubikey-totp - Produce an OATH TOTP code using a YubiKey
yubikey-totp [-v] [-h] [--time | --step] [--digits] [--slot] [--debug]
OATH codes are one-time passwords (OTP) calculated in a standardized way. While the YubiKey is primarily used with Yubico OTPs, the YubiKey is also capable of producing OATH codes.
OATH generally comes in two flavors -- event-based (called HOTP) and time-based (called TOTP). Since the YubiKey does not contain a battery, it cannot keep track of the current time itself and therefore a helper application such as yubikey-totp is required to effectively send the current time to the YubiKey, which can then perform the cryptographic calculation needed to produce the OATH code.
Through the use of a helper application, such as yubikey-totp, the YubiKey can be used with sites offering OATH TOTP authentication, such as Google GMail.
The YubiKey OATH TOTP operation can be demonstrated using the RFC 6238 test key "12345678901234567890" (ASCII).
First, program a YubiKey for HMAC-SHA1 Challenge-Response operation with the test vector HMAC key:
$ ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -o serial-api-visible \
    -a 3132333435363738393031323334353637383930
Now, send the NIST test challenge to the YubiKey and verify the result matches the expected:
$ yubikey-totp --step 30 --digits 8 --time 1111111109
07081804
$
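The expected value can be cross-checked without the hardware. The following is an added example, not code from python-yubico or this manual page: it computes the RFC 6238 code in software, with the hypothetical function token_hmac standing in for the YubiKey's HMAC-SHA1 challenge-response step and the other function names likewise chosen for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 test key: the same 20 bytes passed to ykpersonalize with -a above.
TEST_KEY = bytes.fromhex("3132333435363738393031323334353637383930")


def challenge_for(unix_time: int, step: int = 30) -> bytes:
    """Host side: encode the time-step counter as an 8-byte big-endian value."""
    return struct.pack(">Q", unix_time // step)


def token_hmac(key: bytes, challenge: bytes) -> bytes:
    """Assumed stand-in for the token: HMAC-SHA1 over the challenge.
    With a real YubiKey the key never leaves the device."""
    return hmac.new(key, challenge, hashlib.sha1).digest()


def truncate(digest: bytes, digits: int) -> str:
    """Host side: RFC 4226 dynamic truncation of the 20-byte digest."""
    offset = digest[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    # Zero-pad: codes such as 07081804 lose their leading zero otherwise.
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Full TOTP: build the challenge, HMAC it, truncate to a decimal code."""
    return truncate(token_hmac(key, challenge_for(unix_time, step)), digits)


if __name__ == "__main__":
    # Same parameters as the yubikey-totp invocation above.
    print(totp(TEST_KEY, 1111111109, step=30, digits=8))
```

A mismatch between this value and the YubiKey's output points at the programmed key or slot configuration rather than at the host clock, since the time is fixed by --time.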
Report yubikey-totp bugs in the issue tracker ⟨URL: https://github.com/Yubico/python-yubico/issues/ ⟩.
YubiKeys can be obtained from Yubico ⟨URL: http://www.yubico.com/ ⟩.
June 2012 | python-yubico |