KSM Decryption Protocol

The protocol for asking a YubiKey Key Storage Module (KSM) to decrypt an OTP is to request a HTTP resource as follows:

https://ykksm.example.com/wsapi/decrypt/?otp=dteffujehknhfjbrjnlnldnhcujvddbikngjrtgh

On success, the response will follow this format:

^OK .*

For example:

OK counter=000f low=c541 high=a7 use=04

The content of the various fields are as follows:

counter

16-bit hex integer, counting upwards on each powerup&touch

low

16-bit hex integer, low part of time-stamp of OTP

high

8-bit hex integer, high part of time-stamp of OTP

use

8-bit hex integer, counting upwards on each touch

On soft errors, the response will follow this format:

^ERR .*

For example:

ERR Invalid OTP format

The data matching .* will be a english error message in one line.

Any other kind of response means a hard error occurred.