Lib.rs

AuthenticationYubico
#yubi-key #configuration #challenge-response #encryption

yubico_manager

Yubikey Challenge-Response & Configuration

by Flávio Oliveira

9 unstable releases (3 breaking)

Uses old Rust 2015

0.9.0 Aug 29, 2021
0.8.2 Jul 30, 2021
0.8.1 Jan 2, 2021
0.8.0 Dec 8, 2020
0.6.2 Oct 2, 2019

#515 in Authentication

Download history 48/week @ 2023-12-18 31/week @ 2023-12-25 27/week @ 2024-01-01 24/week @ 2024-01-08 17/week @ 2024-01-15 8/week @ 2024-01-22 2/week @ 2024-01-29 13/week @ 2024-02-05 74/week @ 2024-02-12 20/week @ 2024-02-19 56/week @ 2024-02-26 49/week @ 2024-03-04 46/week @ 2024-03-11 40/week @ 2024-03-18 37/week @ 2024-03-25 169/week @ 2024-04-01

306 downloads per month
Used in 3 crates

MIT/Apache

33KB
748 lines

Yubico Manager   Build Status Latest Version MIT licensed Apache-2.0 licensed

Yubikey Challenge-Response & Configuration.

Current features

  • Challenge-Response, YubiKey 2.2 and later supports HMAC-SHA1 or Yubico challenge-response operations.
  • Configuration.

Usage

Add this to your Cargo.toml

[dependencies]
yubico_manager = "0.8"

Configure Yubikey (HMAC-SHA1 mode)

Note, please read about the initial configuration Alternatively you can configure the yubikey with the official Yubikey Personalization GUI.

extern crate rand;
extern crate yubico_manager;

use yubico_manager::{Yubico};
use yubico_manager::config::{Config, Command};
use yubico_manager::configure::{ DeviceModeConfig };
use yubico_manager::hmacmode::{ HmacKey };
use rand::{thread_rng, Rng};
use rand::distributions::{Alphanumeric};

fn main() {
   let mut yubi = Yubico::new();

   if let Ok(device) = yubi.find_yubikey() {
       println!("Vendor ID: {:?} Product ID {:?}", device.vendor_id, device.product_id);

       let config = Config::default()
           .set_vendor_id(device.vendor_id)
           .set_product_id(device.product_id)
           .set_command(Command::Configuration2);

        let mut rng = thread_rng();

        // Secret must have 20 bytes
        // Used rand here, but you can set your own secret: let secret: &[u8; 20] = b"my_awesome_secret_20";
        let secret: String = rng.sample_iter(&Alphanumeric).take(20).collect();
        let hmac_key: HmacKey = HmacKey::from_slice(secret.as_bytes());

        let mut device_config = DeviceModeConfig::default();
        device_config.challenge_response_hmac(&hmac_key, false, false);

        if let Err(err) = yubi.write_config(config, &mut device_config) {
            println!("{:?}", err);
        } else {
            println!("Device configured");
        }

   } else {
       println!("Yubikey not found");
   }
}

Example Challenge-Response (HMAC-SHA1 mode)

Configure the yubikey with Yubikey Personalization GUI

extern crate hex;
extern crate yubico_manager;

use std::ops::Deref;
use yubico_manager::{Yubico};
use yubico_manager::config::{Config, Slot, Mode};

fn main() {
   let mut yubi = Yubico::new();

   if let Ok(device) = yubi.find_yubikey() {
       println!("Vendor ID: {:?} Product ID {:?}", device.vendor_id, device.product_id);

       let config = Config::default()
           .set_vendor_id(device.vendor_id)
           .set_product_id(device.product_id)
           .set_variable_size(true)
           .set_mode(Mode::Sha1)
           .set_slot(Slot::Slot2);

       // Challenge can not be greater than 64 bytes
       let challenge = String::from("mychallenge");
       // In HMAC Mode, the result will always be the SAME for the SAME provided challenge
       let hmac_result= yubi.challenge_response_hmac(challenge.as_bytes(), config).unwrap();

       // Just for debug, lets check the hex
       let v: &[u8] = hmac_result.deref();
       let hex_string = hex::encode(v);

       println!("{}", hex_string);

   } else {
       println!("Yubikey not found");
   }
}

Dependencies

~3MB
~60K SLoC