mirror of
https://github.com/Yubico/yubikey-ksm.git
synced 2024-12-03 03:24:16 +01:00
42 lines
907 B
Plaintext
42 lines
907 B
Plaintext
Yubikey KSM Decryption Protocol
|
|
-------------------------------
|
|
|
|
The protocol for asking the Yubikey Key Storage Module to decrypt an
|
|
OTP is to request a HTTP resource as follows:
|
|
|
|
http://ykksm.example.com/wsapi/decrypt/?otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh
|
|
|
|
On success, the response will follow this format:
|
|
|
|
^OK .*
|
|
|
|
For example:
|
|
|
|
OK counter=000f low=c541 high=a7 use=04
|
|
|
|
The content of the various fields are as follows:
|
|
|
|
counter::
|
|
16-bit hex integer, counting upwards on each powerup&touch
|
|
|
|
low::
|
|
16-bit hex integer, low part of time-stamp of OTP
|
|
|
|
high::
|
|
8-bit hex integer, high part of time-stamp of OTP
|
|
|
|
use::
|
|
8-bit hex integer, counting upwards on each touch
|
|
|
|
On soft errors, the response will follow this format:
|
|
|
|
^ERR .*
|
|
|
|
For example:
|
|
|
|
ERR Invalid OTP format
|
|
|
|
The data matching .* will be a english error message in one line.
|
|
|
|
Any other kind of response means a hard error occured.
|