{{tag>Brouillon Sécurité}}

= Notes YubiKey Keepass HMAC-SHA1 challenge

** Pas compatible avec les Yubikey Touch U2F Security Key **

Voir https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass

== Test

Source : https://developers.yubico.com/yubikey-personalization/Manuals/ykchalresp.1.html


The YubiKey challenge-response operation can be demonstrated using the NIST PUB 198 A.2 test vector.

First, program a YubiKey with the test vector :
<code ->
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a303132333435363738393a3b3c3d3e3f40414243
 ...
Commit? (y/n) [n]: y
$
</code>

Now, send the NIST test challenge to the YubiKey and verify the result matches the expected :

<code ->
ykchalresp -2 'Sample #2'
0922d3405faa3d194f82a45830737d5cc6c75d24
</code>

== Action


<code bash>
sudo apt-get install keepassxc
</code>

<code bash>
ouid=$(dd if=/dev/urandom 2>/dev/null | tr -d '[:upper:]' | tr -cd '[:xdigit:]' | fold -w40 | head -1)

ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a${ouid}

# Même chose avec la clef de secoure
ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -a${ouid}
</code>