NAME

Crypt::MultiKey::YubicoOTP - Access to Yubico OTP API, used by older YubiKey authenticator devices

SYNOPSIS

@devices= Crypt::MultiKey::YubicoOTP::list_devices();
my $resp= Crypt::MultiKey::YubicoOTP::challenge_response($devices[0], $slot, $chal_bytes);

DESCRIPTION

This is a wrapper around the tools ykinfo(1) and ykchalresp(1) from Yubico, maker of YubiKey hardware authenticators. They operate on what Yubico calls the "OTP application", which is a protocol for One Time Passwords. This protocol also includes a Challenge/Response feature which is suitable for generating deterministic passwords from a seed value which can only be computed by the hardware key. The challenge/response is the only piece needed by Crypt::MultiKey, so that is all that is implemented here.

In case the ykinfo and ykchalresp tools are not installed, there is an XS fallback for Linux that can interact directly with /dev/hidraw device nodes.

Note that some cheaper YubiKeys do not support the OTP application. For those, see Crypt::MultiKey::FIDO2.

FUNCTIONS

available

Return true if either the yubikey-personalization tools (ykinfo, ykchalresp) are available on this host, or if XS support was compiled when Crypt::MultiKey was built.

list_devices

@devices= Crypt::MultiKey::YubicoOTP::list_devices();

Return a list of Crypt::MultiKey::YubicoOTP::Device objects for each available authenticator.

challenge_response

$resp= Crypt::MultiKey::YubicoOTP::challenge_response($dev, $slot, $chal);

$resp is an instance of Crypt::SecretBuffer. The device should be one of the values returned by "list_devices". The YubiKey supports two slots, named '1' and '2' (not '0'), and you need to select which one to perform the challenge against. That slot also needs to be configured to allow challenges. $chal is a scalar of raw bytes, not hex.

CONFIGURATION

You can specify the paths to the executables used by this module with the %Crypt::MultiKey::command_path global variable:

ykinfo

$Crypt::MultiKey::command_path{ykinfo}

ykchalresp

$Crypt::MultiKey::command_path{ykchalresp}

For security, these are not configurable from an environment variable.
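The following is an added example, not code from the module or its author: it pins both tools to absolute paths after checking ownership and permissions, then issues a challenge as raw bytes. The /usr/bin locations, the trusted_tool helper, the sample challenge, the use of slot 2, and setting the hash after the module is loaded are all assumptions.

```perl
use strict;
use warnings;
use Fcntl ':mode';
use Crypt::MultiKey::YubicoOTP;

# Assumed install locations; adjust for your distribution.
my %tool_path = (
    ykinfo     => '/usr/bin/ykinfo',
    ykchalresp => '/usr/bin/ykchalresp',
);

# Hypothetical helper: accept a tool only if it is an absolute path to a
# regular, executable file owned by root that group/others cannot modify.
sub trusted_tool {
    my ($path) = @_;
    return 0 unless $path =~ m{^/};
    my @st = stat($path) or return 0;          # stat follows symlinks
    return 0 unless S_ISREG($st[2]);           # mode
    return 0 unless $st[4] == 0;               # uid
    return 0 if $st[2] & (S_IWGRP | S_IWOTH);
    return -x $path ? 1 : 0;
}

for my $tool (sort keys %tool_path) {
    die "refusing untrusted $tool at $tool_path{$tool}\n"
        unless trusted_tool($tool_path{$tool});
    $Crypt::MultiKey::command_path{$tool} = $tool_path{$tool};
}

Crypt::MultiKey::YubicoOTP::available()
    or die "no ykinfo/ykchalresp tools and no XS support\n";

my @devices = Crypt::MultiKey::YubicoOTP::list_devices()
    or die "no authenticator with the OTP application found\n";

# The challenge must be raw bytes. A hex string (constructed sample value
# here) has to be validated and decoded before it is passed in.
my $chal_hex = '00112233445566778899aabbccddeeff';
$chal_hex =~ /\A(?:[0-9a-fA-F]{2})+\z/ or die "challenge is not hex\n";
my $chal = pack 'H*', $chal_hex;

# Slots are named '1' and '2'; slot 2 is an assumption about this key's setup.
my $resp = Crypt::MultiKey::YubicoOTP::challenge_response($devices[0], '2', $chal);
# $resp is a Crypt::SecretBuffer; hand it on as-is rather than printing it.
```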

VERSION

version 0.000_001

AUTHOR

Michael Conrad <mike@nrdvana.net>

COPYRIGHT AND LICENSE

This software is copyright (c) 2026 by Michael Conrad.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.