2014-09-30 21:46:19 +02:00
|
|
|
Yubikey KSM Decryption Protocol
|
|
|
|
|
-------------------------------
|
2014-09-19 15:02:49 +02:00
|
|
|
|
|
|
|
|
The protocol for asking the Yubikey Key Storage Module to decrypt an
|
|
|
|
|
OTP is to request a HTTP resource as follows:
|
|
|
|
|
|
|
|
|
|
http://ykksm.example.com/wsapi/decrypt/?otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
|
|
|
|
|
|
|
|
|
|
On success, the response will follow this format:
|
|
|
|
|
|
|
|
|
|
^OK .*
|
|
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
|
|
OK counter=000f low=c541 high=a7 use=04
|
|
|
|
|
|
|
|
|
|
The content of the various fields are as follows:
|
|
|
|
|
|
|
|
|
|
* '''counter''': 16-bit hex integer, counting upwards on each powerup&touch
|
|
|
|
|
|
|
|
|
|
* '''low''': 16-bit hex integer, low part of time-stamp of OTP
|
|
|
|
|
|
|
|
|
|
* '''high''': 8-bit hex integer, high part of time-stamp of OTP
|
|
|
|
|
|
|
|
|
|
* '''use''': 8-bit hex integer, counting upwards on each touch
|
|
|
|
|
|
|
|
|
|
On soft errors, the response will follow this format:
|
|
|
|
|
|
|
|
|
|
^ERR .*
|
|
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
|
|
ERR Invalid OTP format
|
|
|
|
|
|
|
|
|
|
The data matching .* will be a english error message in one line.
|
|
|
|
|
|
|
|
|
|
Any other kind of response means a hard error occured.
|
