Install Now
yubikey-totp - Produce an OATH TOTP code using a YubiKey
Contents
Bugs
Report yubikey-totp bugs in the issue tracker ⟨https://github.com/Yubico/python-yubico/issues/⟩.
Description
OATH codes are one time passwords (OTP) calculated in a standardized way. While the YubiKey is primarily
used with Yubico OTP's, the YubiKey is also capable of producing OATH codes.
OATH generally comes in two flavors -- event based (called HOTP) and time based (called TOTP). Since the
YubiKey does not contain a battery, it cannot keep track of the current time itself and therefor a helper
application such as yubikey-totp is required to effectively send the current time to the YubiKey, which
can then perform the cryptographic calculation needed to produce the OATH code.
Through the use of a helper application, such as yubikey-totp, the YubiKey can be used with sites
offering OATH TOTP authentication, such as Google GMail.
Example
The YubiKey OATH TOTP operation can be demonstrated using the RFC6238 test key "12345678901234567890"
(ASCII).
First, program a YubiKey for HMAC-SHA1 Challenge-Response operation with the test vector HMAC key :
$ ykpersonalize-2-ochal-resp-ochal-hmac-ohmac-lt64-oserial-api-visible\-a3132333435363738393031323334353637383930
Now, send the NIST test challenge to the YubiKey and verify the result matches the expected :
$ yubikey-totp--step30--digits8--time1111111109
07081804
$
Name
yubikey-totp - Produce an OATH TOTP code using a YubiKey
Options
-v enable verbose mode.
-h show help
--time specify the time value to use (in seconds since epoch)
--step how frequent codes change in your system - typically 30 or 60 seconds
--digits
digits in OATH code - typically 6
--slot YubiKey slot to use - default 2
--debug
enable debug output
See Also
YubiKeys can be obtained from Yubico ⟨http://www.yubico.com/⟩.
python-yubico June 2012 yubikey-totp(1)
Synopsis
yubikey-totp [-v] [-h] [--time | --step] [--digits] [--slot] [--debug]
